This repository has been archived by the owner on Jun 2, 2024. It is now read-only.
Oxd1z - calls-loop #2
Labels
Excluded
Excluded by the judge without consulting the protocol or the senior
Non-Reward
This issue will not receive a payout
Comments
github-actions
bot
added
the
Excluded
|
Invalid, check required for access control for different tokenIds |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Oxd1z
medium
calls-loop
Summary
Calls inside the loop might lead to a denial-of-service attack.
Vulnerability Detail
LockingPositionDelegate.manageOwnedAndDelegated(LockingPositionDelegate.OwnedAndDelegated) has external calls inside a loop: require(bool,string)(msg.sender == cvgControlTower.lockingPositionManager().ownerOf(_ownedAndDelegatedTokens.owneds[i]),TOKEN_NOT_OWNED)
Impact
Code Snippet
https://github.com/sherlock-audit/2023-11-convergence/blob/main/sherlock-cvg/contracts/Locking/LockingPositionDelegate.sol#L337-L340
Tool used
Slither
Manual Review
Recommendation
Favor a pull over push strategy for external calls.
The text was updated successfully, but these errors were encountered: