function claimAllForMember(address member) external returns (bool){
    address [] memory listedAssets = listedBondAssets; // Get array of bond assets
    // audit --> unbounded loop + "is intended to be a historical array of all past Bond listed assets"
    for(uint i = 0; i < listedAssets.length; i++){
        uint claimA = calcClaimBondedLP(member, listedAssets[i]); // Check user's unlocked Bonded LPs for each asset
        if(claimA > 0){
            _BONDVAULT.claimForMember(listedAssets[i], member); // Claim LPs if any unlocked
        }
    }
    return true;
}
Because the length of the listed assets array will increase with time, this function may run out of gas, since each iteration makes a function call inside the loop.
Handle
JMukesh
Vulnerability details
Impact
Because the length of the listed assets array will increase with time, claimAllForMember may run out of gas, since each iteration makes a function call inside the loop.
Proof of Concept
https://github.com/code-423n4/2021-07-spartan/blob/e2555aab44d9760fdd640df9095b7235b70f035e/contracts/Dao.sol#L276
Tools Used
Manual review
Recommended Mitigation Steps
Use a pull-over-push strategy for external calls.
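One way to apply the recommended mitigation, as an added sketch that is not code from the report or from the Spartan repository: the member pulls a claim for one named asset, and any batch claim is limited to a caller-chosen window of the array. The contract name, the `IBondVault` interface shape, `claimOne` and `claimRangeForMember` are assumptions; only `listedBondAssets`, `calcClaimBondedLP` and `_BONDVAULT.claimForMember` come from the snippet above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed minimal interface: only the call visible in the reported snippet.
interface IBondVault {
    function claimForMember(address asset, address member) external;
}

// Hypothetical sketch of a bounded replacement for claimAllForMember.
abstract contract BoundedBondClaims {
    IBondVault internal _BONDVAULT;
    address[] public listedBondAssets; // historical list, only ever grows

    constructor(IBondVault vault) {
        _BONDVAULT = vault;
    }

    // Named on the page; the real contract supplies the body.
    function calcClaimBondedLP(address member, address asset)
        public view virtual returns (uint);

    // Pull: one external call per transaction, so gas cost does not
    // depend on listedBondAssets.length.
    function claimOne(address asset) external returns (bool) {
        if (calcClaimBondedLP(msg.sender, asset) > 0) {
            _BONDVAULT.claimForMember(asset, msg.sender);
        }
        return true;
    }

    // Bounded batch: processes indices [start, end) and returns the index
    // to resume from, so a long array is claimed over several transactions.
    function claimRangeForMember(address member, uint start, uint end)
        external returns (uint next)
    {
        uint len = listedBondAssets.length;
        if (end > len) end = len; // clamp the window to the array
        for (uint i = start; i < end; i++) {
            address asset = listedBondAssets[i];
            if (calcClaimBondedLP(member, asset) > 0) {
                _BONDVAULT.claimForMember(asset, member);
            }
        }
        return end;
    }
}
```

With this shape the worst-case gas of a single call is set by the window size the caller chooses, not by how many assets have ever been listed.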