This repository has been archived by the owner on Jul 21, 2024. It is now read-only.
0xGreyWolf - CouncilMembers::_retrieve() loops over an array of balances to stream individualBalance and as the array size (council members) grows, gas cost expands until it becomes unusable.
#162
Labels
Excluded
Excluded by the judge without consulting the protocol or the senior
Non-Reward
This issue will not receive a payout
0xGreyWolf
high
CouncilMembers::_retrieve() loops over an array of balances to stream individualBalance and as the array size (council members) grows, gas cost expands until it becomes unusable.
Summary
An internal function CouncilMembers::_retrieve() loops over an array balances then adds individualBalance on every element. Every element represents NFT token holders / Council Members so it is expected to increase over time. As it happens, the gas cost increases until it becomes unusable either by impracticality or until it reaches the block gas limit.
The CouncilMembers::_retrieve() is also used on multiple occasions as listed in Vulnerability Detail.
Here's a quick look at the code.
Vulnerability Detail
As the council members increase, the array size increases because that is where the tokenId is stored. As it happens the gas cost increases until the time it is unusable either by impracticality or until it reaches the block gas limit.
This internal function is "also" used in multiple functions. It is expected that the adverse effect will spread across them too.
CouncilMembers::retrieve()
CouncilMembers::claim()
CouncilMembers::removeFromOffice()
CouncilMembers::mint()
CouncilMembers::burn()
CouncilMembers::_update()
Impact
Code Snippet
Tool used
Manual Review
Recommendation
Use a mapping to track balances per tokenId, then implement the code around it.
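One way to apply this recommendation, shown as an added sketch that is not the audited contract's code or the reporter's: the looped pattern described in the Summary next to a mapping-plus-accumulator version whose _retrieve() costs the same gas at any member count. All contract names, state variables and the _settle/_join/_leave helpers are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed sketch of the reported pattern: one array slot per council member.
contract LoopedDistribution {
    uint256[] public balances;

    function _retrieve(uint256 amount) internal {
        uint256 n = balances.length;
        if (n == 0) return;
        uint256 individualBalance = amount / n;
        for (uint256 i = 0; i < n; i++) balances[i] += individualBalance; // n storage writes
    }
}

// Mapping keyed by tokenId plus a global accumulator: no loop over members.
contract AccumulatorDistribution {
    uint256 private constant PRECISION = 1e18;
    uint256 public memberCount;
    uint256 public accPerMember;                  // cumulative share per member, scaled
    mapping(uint256 => uint256) public paidIndex; // tokenId => accPerMember at last settle
    mapping(uint256 => uint256) public balances;  // tokenId => settled, claimable amount
    mapping(uint256 => bool) public isMember;

    function _retrieve(uint256 amount) internal {
        if (memberCount == 0) return;
        accPerMember += (amount * PRECISION) / memberCount; // single storage write
    }

    // Credit what accrued to this tokenId since it was last settled.
    function _settle(uint256 tokenId) internal {
        if (isMember[tokenId]) {
            balances[tokenId] += (accPerMember - paidIndex[tokenId]) / PRECISION;
        }
        paidIndex[tokenId] = accPerMember;
    }

    function _join(uint256 tokenId) internal {
        require(!isMember[tokenId], "already member");
        paidIndex[tokenId] = accPerMember; // no share of earlier distributions
        isMember[tokenId] = true;
        memberCount += 1;
    }

    function _leave(uint256 tokenId) internal {
        require(isMember[tokenId], "not member");
        _settle(tokenId); // lock in accrued share before the count changes
        isMember[tokenId] = false;
        memberCount -= 1;
    }
}
```

A claim path would call _settle(tokenId) and then pay out balances[tokenId]; integer division leaves small rounding dust in the contract, which a real implementation has to account for.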