Upgraded Q -> 2 from #117 [1675572860639] #685
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
duplicate-552
satisfactory
satisfies C4 submission criteria; eligible for awards
Judge has assessed an item in Issue #117 as 2 risk. The relevant finding follows:
Description
If a single address has certain amount of RabbitHoleReceipt tokens (receipts) - according to tests ~1050, when he tries to call claim function from Quest.sol it will always revert with 'Transaction ran out of gas' error. The reason for the error is that claim function loops over user's all tokens.
uint[] memory tokens = rabbitHoleReceiptContract.getOwnedTokenIdsOfQuest(questId, msg.sender);
...
for (uint i = 0; i < tokens.length; i++) {
if (!isClaimed(tokens[i])) {
redeemableTokenCount++;
}
}
PoC
Add a new test case in test/Erc20Quest.spec.ts file.
it('user can DoS himself (claim function)', async () => {
const signers = await ethers.getSigners();
const seller = signers[9]
const buyer = signers[10];
})
Mitigation Steps
The user can always generate a new address and transfer some of the funds there. But if he has many tokens (> 10000), he should manage dozen accounts which can be become difficult and time consuming.
Better approach is to add maximum token claim amount as function parameter or to check tokens array length to not exceed certain amount.
The text was updated successfully, but these errors were encountered: