Unbounded iteration over all premium tokens #102
Labels
1 (Low Risk)
bug
Something isn't working
sponsor acknowledged
Sponsor acknowledged, but not resolving
Handle
cmichel
Vulnerability details
The
Gov.protocolRemove
function iterates over all elements of thetokensSherX
array.Impact
The transactions could fail if the arrays get too big and the transaction would consume more gas than the block limit.
This will then result in a denial of service for the desired functionality and break core functionality.
The severity is low as only governance can whitelist these tokens but not the protocols themselves.
Recommendation
Keep the array size small.
The text was updated successfully, but these errors were encountered: