Open code423n4 opened 3 years ago
cmichel
The SynthVault.harvestAll iterates over all stakedSynthAssets. Anyone can push to this array by creating a synth over curated assets.
The transactions can fail if the arrays get too big and the transaction would consume more gas than the block limit.
Keep the number of synths/curated pools small.
Only one synth can exist per curated asset. There is a 10 curatedPool limit in place for this.
Per sponsor comment, invalid
Handle
cmichel
Vulnerability details
Vulnerability Details
The SynthVault.harvestAll iterates over all stakedSynthAssets. Anyone can push to this array by creating a synth over curated assets.
Impact
The transactions can fail if the arrays get too big and the transaction would consume more gas than the block limit.
Recommended Mitigation Steps
Keep the number of synths/curated pools small.
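
An added sketch, not part of the original issue and not the audited contract's code: a hypothetical vault showing the two bounds discussed in this thread, a cap on the array that harvestAll iterates and a paginated harvest whose gas cost the caller controls. The contract name, MAX_STAKED_SYNTHS, deposit, harvestRange and the reward mapping are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical vault written for illustration; it is not the audited SynthVault.
contract BoundedHarvestVault {
    // Assumed cap, mirroring the sponsor's "10 curatedPool limit".
    uint256 public constant MAX_STAKED_SYNTHS = 10;

    address[] public stakedSynthAssets;
    mapping(address => bool) public isStakedSynth;
    // synth => member => claimable amount (simplified reward accounting)
    mapping(address => mapping(address => uint256)) public pendingReward;

    event Harvested(address indexed member, address indexed synth, uint256 amount);

    // Stand-in for the staking path that appends to the iterated array.
    function deposit(address synth, uint256 reward) external {
        _registerSynth(synth);
        pendingReward[synth][msg.sender] += reward;
    }

    // The array only grows here, so this is where the cap is enforced.
    function _registerSynth(address synth) internal {
        if (isStakedSynth[synth]) return; // one entry per synth
        require(stakedSynthAssets.length < MAX_STAKED_SYNTHS, "synth cap reached");
        isStakedSynth[synth] = true;
        stakedSynthAssets.push(synth);
    }

    // Full iteration stays within a known gas bound because length <= cap.
    function harvestAll() external {
        harvestRange(0, stakedSynthAssets.length);
    }

    // Paginated variant: the caller picks a window, so a harvest can always be
    // split into transactions that fit under the block gas limit.
    function harvestRange(uint256 start, uint256 end) public {
        uint256 len = stakedSynthAssets.length;
        if (end > len) end = len;
        for (uint256 i = start; i < end; i++) {
            _harvestSingle(stakedSynthAssets[i], msg.sender);
        }
    }

    function _harvestSingle(address synth, address member) internal {
        uint256 amount = pendingReward[synth][member];
        if (amount == 0) return;
        pendingReward[synth][member] = 0; // clear before any external call
        emit Harvested(member, synth, amount); // token transfer omitted
    }
}
```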