code-423n4 / 2021-09-yaxis-findings


Unbounded iterations over strategies or tokens #111

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

cmichel

Vulnerability details

Many contracts iterate over the entire strategies or tokens array of a vault.

For example:

Impact

The transactions can fail if the arrays get too big and the transaction would consume more gas than the block limit. This will then result in a denial of service for the desired functionality and break core functionality.

Recommended Mitigation Steps

Keep the number of strategies and tokens per pool small. Alternatively, use an enumerable set for better efficiency. It does not require iterating over the entire array when trying to find an element in removeStrategy/Token.

GalloDaSballo commented 2 years ago

Agree with finding, this shows a different exploit that can be mitigated by using OpenZeppelin's EnumerableSet
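
An added illustration of both mitigations discussed in this thread (a small cap plus OpenZeppelin's EnumerableSet); it is not code from the yAxis contracts or from either commenter. The contract name, `MAX_STRATEGIES`, the governance check and `strategiesPage` are assumptions, and the import path is the OpenZeppelin 4.x layout.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/utils/structs/EnumerableSet.sol";

// Hypothetical registry, not the yAxis contracts: names and the cap are assumptions.
contract StrategyRegistry {
    using EnumerableSet for EnumerableSet.AddressSet;

    // Assumed bound so any loop over a vault's strategies stays far below the block gas limit.
    uint256 public constant MAX_STRATEGIES = 10;

    address public immutable governance;
    mapping(address => EnumerableSet.AddressSet) private _strategies; // vault => strategies

    constructor() { governance = msg.sender; }

    modifier onlyGovernance() {
        require(msg.sender == governance, "!governance");
        _;
    }

    function addStrategy(address vault, address strategy) external onlyGovernance {
        require(_strategies[vault].length() < MAX_STRATEGIES, "too many strategies");
        // add() returns false for a duplicate, detected by mapping lookup instead of a scan.
        require(_strategies[vault].add(strategy), "already added");
    }

    function removeStrategy(address vault, address strategy) external onlyGovernance {
        // remove() swaps the last element into the freed slot and pops: O(1), no loop.
        require(_strategies[vault].remove(strategy), "unknown strategy");
    }

    function strategyCount(address vault) external view returns (uint256) {
        return _strategies[vault].length();
    }

    // Paginated read: the caller picks the slice size, so no call has to walk the whole set.
    function strategiesPage(address vault, uint256 start, uint256 count)
        external view returns (address[] memory page)
    {
        uint256 total = _strategies[vault].length();
        if (start >= total) return new address[](0);
        uint256 end = start + count > total ? total : start + count;
        page = new address[](end - start);
        for (uint256 i = start; i < end; i++) {
            page[i - start] = _strategies[vault].at(i);
        }
    }
}
```

Because `remove()` moves the last element into the vacated slot, the set does not preserve insertion order; logic that depends on strategy ordering needs a separate mechanism.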