code-423n4 / 2021-05-visorfinance-findings

Unbounded iteration #46

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

cmichel

Vulnerability details

The Visor._removeNft iterates over all nfts. Anyone can add to this array by depositing NFTs, see Visor.onERC721Received.

Other occurrences that make an unbounded iteration over arrays:

Impact

The transactions can fail if the arrays get too big and the transaction would consume more gas than the block limit. This will then result in a denial of service for the desired functionality and break core functionality.

Recommended Mitigation Steps

Keep the arrays small by setting a max size or make it possible to process the arrays in chunks in several transactions if possible.
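A sketch of the "max size" mitigation, added here as an illustration and not taken from the Visor code base or from the report: the contract name `BoundedNftVault`, the `MAX_NFTS` value and the `slot` mapping are assumptions. It also swaps the linear scan in removal for an index mapping with swap-and-pop, which the finding does not mention but which removes the loop entirely.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical vault, NOT the Visor contract. All names are assumptions.
contract BoundedNftVault {
    struct Nft { address token; uint256 tokenId; }

    uint256 public constant MAX_NFTS = 64; // assumed cap; size it to a gas budget
    Nft[] public nfts;
    // key => (index in `nfts`) + 1; 0 means "not held". Lets removal skip the scan.
    mapping(bytes32 => uint256) private slot;

    function _key(address token, uint256 tokenId) private pure returns (bytes32) {
        return keccak256(abi.encode(token, tokenId));
    }

    // ERC-721 receiver hook. Reverting once the cap is hit rejects further
    // safeTransferFrom deposits, so a third party cannot grow the array
    // until iteration over it exceeds the block gas limit.
    function onERC721Received(address, address, uint256 tokenId, bytes calldata)
        external returns (bytes4)
    {
        bytes32 k = _key(msg.sender, tokenId);
        require(nfts.length < MAX_NFTS, "NFT limit reached");
        require(slot[k] == 0, "NFT already recorded");
        nfts.push(Nft(msg.sender, tokenId));
        slot[k] = nfts.length; // index + 1
        return this.onERC721Received.selector;
    }

    // O(1) removal: move the last element into the freed position, then pop.
    // Gas cost no longer depends on how many NFTs are recorded.
    function _removeNft(address token, uint256 tokenId) internal {
        bytes32 k = _key(token, tokenId);
        uint256 i = slot[k];
        require(i != 0, "NFT not held");
        Nft memory last = nfts[nfts.length - 1];
        nfts[i - 1] = last;
        slot[_key(last.token, last.tokenId)] = i;
        delete slot[k]; // after the line above, so removing the last item also clears it
        nfts.pop();
    }
}
```

The cap alone bounds any remaining loops over `nfts`; the index mapping matters when the cap has to be large enough that a full scan is still expensive.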

ghost commented 3 years ago

sponsor acknowledged Onus of client and platform context to avoid

ghoul-sol commented 3 years ago

Duplicate of #80