Many contracts iterate over the entire strategies or tokens array of a vault.
For example:
Harvester.removeStrategy
Harvester.harvestNextStrategy
Manager.removeToken
Impact
The transactions can fail if the arrays get too big and the transaction would consume more gas than the block limit.
This will then result in a denial of service for the desired functionality and break core functionality.
Recommended Mitigation Steps
Keep the number of strategies and tokens per pool small.
Alternatively use an enumerable set for better efficiency. It does not require iterating over the entire array when trying to find an element in removeStrategy/Token.
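The two mitigations above, sketched as an added example that is not code from the audited contracts: a hypothetical StrategyRegistry that caps the array and tracks each element's index so removal needs no scan. The contract name, function names and the MAX_STRATEGIES value are assumptions, and access control is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical registry for illustration; access control omitted.
contract StrategyRegistry {
    uint256 public constant MAX_STRATEGIES = 10; // assumed cap, keeps any full iteration bounded

    address[] private strategies;
    // 1-based position of each strategy in `strategies`; 0 means "not present".
    mapping(address => uint256) private indexPlusOne;

    function addStrategy(address strategy) external {
        require(indexPlusOne[strategy] == 0, "already added");
        require(strategies.length < MAX_STRATEGIES, "too many strategies");
        strategies.push(strategy);
        indexPlusOne[strategy] = strategies.length;
    }

    // Pattern described in the finding: gas grows with the array length.
    function removeStrategyLinear(address strategy) external {
        for (uint256 i = 0; i < strategies.length; i++) {
            if (strategies[i] == strategy) {
                _removeAt(i);
                return;
            }
        }
        revert("not found");
    }

    // Enumerable-set pattern: one mapping lookup, gas independent of array length.
    function removeStrategy(address strategy) external {
        uint256 pos = indexPlusOne[strategy];
        require(pos != 0, "not found");
        _removeAt(pos - 1);
    }

    // Swap the last element into the freed slot, then pop.
    function _removeAt(uint256 i) private {
        address removed = strategies[i];
        address last = strategies[strategies.length - 1];
        strategies[i] = last;
        indexPlusOne[last] = i + 1;
        strategies.pop();
        delete indexPlusOne[removed]; // after the update above, so removing the last element also clears it
    }
}
```

Swap-and-pop does not preserve element order, so code that depends on the order of strategies needs to account for the reshuffle. Functions that must still visit every element stay bounded only because of the cap in addStrategy.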
Handle
cmichel