Array entries are added but are never removed. The array is also iterated over while making state changes, which means that it's possible for an attacker to add so many entries to the array that when it's iterated over by another user, the transaction runs out of gas before all of the iterations are complete, leading to a DOS/bricking of the contract.
File: contracts/TapiocaWrapper.sol
/// @audit harvestFees() : harvestableTapiocaOFTs[] :
96 /// @notice Harvest fees from all the deployed TOFT contracts. Fees are transferred to the owner.
97 function harvestFees() external {
98 for (uint256 i = 0; i < harvestableTapiocaOFTs.length; i++) {
99 harvestableTapiocaOFTs[i].harvestFees();
100: }
Lines of code
96, 485, 485, 485, 485, 485, 485, 485, 485, 485, 485, 505, 505, 505, 505, 505, 505, 505, 505, 505, 664, 664, 664, 664, 664, 664, 664, 664, 664, 664, 664, 664, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382
Vulnerability details
Array entries are added but are never removed. The array is also iterated over while making state changes, which means that it's possible for an attacker to add so many entries to the array that when it's iterated over by another user, the transaction runs out of gas before all of the iterations are complete, leading to a DOS/bricking of the contract.
Assessed type
other