GalloDaSballo / Apollon-Review

Notes for the Apollon Solo Security Review

`massUpdatePools` needs to be capped due to OOG reverts #72

Open GalloDaSballo opened 3 months ago

GalloDaSballo commented 3 months ago

Impact

massUpdatePools looks as follows:

    function massUpdatePools() public {
      uint length = pools.length;
      for (uint n = 0; n < length; n++) {
        updatePool(pools[n]);
      }
    }

Meaning it will iterate over all known pools

The gas limit on SEI is 10MLN gas per block

Assuming around 25k gas per update, that's 400 pools before the function reverts

I just did some quick napkin math on the number of storage slots used; you should write a test to verify the limit so as to avoid getting reverts in prod

That said, anything below 100 pools will have a high margin of safety

Mitigation

Ensure you do not surpass 100 pools so as to avoid consuming too much gas, which could cause reverts
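
One way to enforce the mitigation above on-chain, as an added example that is not Apollon's code and not part of the original comment: the pool count is capped where pools are registered, so `massUpdatePools` stays bounded, and a ranged variant (which goes beyond the issue's suggestion) lets updates be split across transactions. Only `pools`, `updatePool` and `massUpdatePools` come from the issue; `MAX_POOLS`, `addPool`, `updatePoolsRange`, the `address` pool type and the placeholder `updatePool` body are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the project's contract. Names other than `pools`,
// `updatePool` and `massUpdatePools` are hypothetical.
contract CappedPools {
    uint256 public constant MAX_POOLS = 100; // cap suggested in the issue

    address[] public pools;
    mapping(address => bool) public isPool;
    mapping(address => uint256) public lastUpdate; // stand-in for per-pool state

    error PoolCapReached();
    error PoolAlreadyAdded();

    // Access control is omitted here; a real deployment would restrict this.
    function addPool(address pool) external {
        if (isPool[pool]) revert PoolAlreadyAdded();
        // Enforce the bound at registration time, the only place the array grows.
        if (pools.length >= MAX_POOLS) revert PoolCapReached();
        isPool[pool] = true;
        pools.push(pool);
    }

    // Placeholder body: the real updatePool cost must be measured in a gas test.
    function updatePool(address pool) public {
        lastUpdate[pool] = block.timestamp;
    }

    // Same loop as in the issue, now bounded by MAX_POOLS iterations.
    function massUpdatePools() public {
        uint256 length = pools.length;
        for (uint256 n = 0; n < length; n++) {
            updatePool(pools[n]);
        }
    }

    // Updates pools[from .. to), clamped to the array length, so the work can
    // be split across several transactions if one call would cost too much gas.
    function updatePoolsRange(uint256 from, uint256 to) external {
        uint256 length = pools.length;
        if (to > length) to = length;
        for (uint256 n = from; n < to; n++) {
            updatePool(pools[n]);
        }
    }
}
```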

sambP commented 3 months ago
Screenshot 2024-08-27 at 6 55 25 PM