getReward() is susceptible to DoS with block gas limit #198
Labels:
- bug (Something isn't working)
- duplicate (This issue or pull request already exists)
- QA (Quality Assurance) (Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax)
Lines of code
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraLocker.sol#L303-L318
Vulnerability details
Impact
getReward() is a public function whose for loop runs once per entry in rewardTokens, i.e. rewardTokens.length times. If rewardTokens.length grows large enough, a single call can exceed the block gas limit, so the claim becomes impossible to execute (DoS with block gas limit).
Proof of Concept
https://consensys.github.io/smart-contract-best-practices/attacks/denial-of-service/#dos-with-block-gas-limit
Tools Used
Manual analysis
Recommended Mitigation Steps
I suggest limiting the maximum number of loop iterations to prevent hitting the block gas limit.
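As an added illustration (this is a hypothetical sketch, not the AuraLocker contract), the unbounded claim loop is shown next to two defensive shapes: capping how many reward tokens can ever be registered, and letting a caller claim a bounded slice. `MAX_REWARD_TOKENS`, `addReward`, `getRewardRange` and `_claim` are assumed names and values, not taken from the audited code.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical reward distributor; not the AuraLocker code.
contract BoundedRewards {
    // Assumed cap: the loop in getReward() can never exceed this many iterations.
    uint256 public constant MAX_REWARD_TOKENS = 20;

    address public owner;
    address[] public rewardTokens;
    // account => reward token => claimable amount
    mapping(address => mapping(address => uint256)) public rewards;

    constructor() { owner = msg.sender; }

    // Mitigation 1: bound the array that drives the loop.
    function addReward(address token) external {
        require(msg.sender == owner, "!owner");
        require(rewardTokens.length < MAX_REWARD_TOKENS, "too many reward tokens");
        rewardTokens.push(token);
    }

    // Vulnerable shape from the report: iterations == rewardTokens.length.
    // Safe here only because addReward() enforces MAX_REWARD_TOKENS.
    function getReward(address account) external {
        for (uint256 i = 0; i < rewardTokens.length; i++) {
            _claim(account, rewardTokens[i]);
        }
    }

    // Mitigation 2: claim a caller-chosen slice so one transaction
    // never has to touch every reward token.
    function getRewardRange(address account, uint256 start, uint256 end) external {
        require(start < end && end <= rewardTokens.length, "bad range");
        for (uint256 i = start; i < end; i++) {
            _claim(account, rewardTokens[i]);
        }
    }

    function _claim(address account, address token) internal {
        uint256 amount = rewards[account][token];
        if (amount == 0) return;
        rewards[account][token] = 0; // zero before transfer (checks-effects-interactions)
        require(IERC20(token).transfer(account, amount), "transfer failed");
    }
}
```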