Handle
Jujic
Vulnerability details
There is no upper limit on vaderPairs[]: the array grows each time a new pair is added. As the number of pairs increases, the gas cost of the smart contract calls that iterate over it rises, and there is no implemented function to reduce the array size.
Impact
For every function that computes the Vader price of a given pair listed in the vaderPairs array, gas consumption grows each time a new collateral address is appended to the array, until a call hits an "Out of Gas" error or, in the worst case, the block gas limit. The same situation applies to the usdvPairs array.
As a result, this can block the pricing mechanism and the loss reimbursement in the protocol.
Proof of Concept
https://github.com/code-423n4/2021-12-vader/blob/28d3405447f0c3353964ca755a42562840d151c5/contracts/lbt/LiquidityBasedTWAP.sol#L301
https://github.com/code-423n4/2021-12-vader/blob/28d3405447f0c3353964ca755a42562840d151c5/contracts/lbt/LiquidityBasedTWAP.sol#L488
Tools Used
Remix
Recommended Mitigation Steps
Add an additional check for a maximum array length, or add a function to remove pairs from the array.
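A bounded pair registry with swap-and-pop removal, added here to illustrate the recommended mitigation; this is example code, not the Vader LiquidityBasedTWAP contract, and MAX_PAIRS, the owner gating and the index mapping are assumptions chosen for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Illustrative registry of pairs (constructed example, not the Vader code).
contract BoundedPairRegistry {
    uint256 public constant MAX_PAIRS = 20;   // assumed cap; pick one that bounds full-scan gas

    address public owner;
    address[] public vaderPairs;
    mapping(address => uint256) private indexPlusOne; // 0 = not registered, else index + 1

    event PairAdded(address indexed pair);
    event PairRemoved(address indexed pair);

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    constructor() { owner = msg.sender; }

    // Weak pattern described in the finding: unbounded append, no removal.
    // Every later loop over vaderPairs pays more gas until it cannot fit in a block.
    // function addPairUnbounded(address pair) external onlyOwner { vaderPairs.push(pair); }

    /// Hardened: reject duplicates and refuse to grow past MAX_PAIRS.
    function addPair(address pair) external onlyOwner {
        require(pair != address(0), "zero pair");
        require(indexPlusOne[pair] == 0, "already registered");
        require(vaderPairs.length < MAX_PAIRS, "too many pairs");
        vaderPairs.push(pair);
        indexPlusOne[pair] = vaderPairs.length;
        emit PairAdded(pair);
    }

    /// Removal keeps the array compact in O(1) by moving the last element into the gap.
    function removePair(address pair) external onlyOwner {
        uint256 idx = indexPlusOne[pair];
        require(idx != 0, "unknown pair");
        uint256 last = vaderPairs.length - 1;
        address moved = vaderPairs[last];
        vaderPairs[idx - 1] = moved;      // no-op when pair is already last
        indexPlusOne[moved] = idx;
        vaderPairs.pop();
        delete indexPlusOne[pair];        // also clears 'moved' when moved == pair
        emit PairRemoved(pair);
    }

    function pairCount() external view returns (uint256) { return vaderPairs.length; }
}
```

Any price computation that loops over vaderPairs is then bounded by MAX_PAIRS iterations, so its worst-case gas can be measured once and checked against the block gas limit.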