Open code423n4 opened 7 months ago
@geoffchan23 Sponsors can only use these labels: sponsor confirmed
, sponsor disputed
, sponsor acknowledged
, and disagree with severity
.
@geoffchan23 Sponsors can only use these labels: sponsor confirmed
, sponsor disputed
, sponsor acknowledged
, and disagree with severity
.
@geoffchan23 Sponsors can only use these labels: sponsor confirmed
, sponsor disputed
, sponsor acknowledged
, and disagree with severity
.
Lines of code
96, 485, 485, 485, 485, 485, 485, 485, 485, 485, 485, 505, 505, 505, 505, 505, 505, 505, 505, 505, 664, 664, 664, 664, 664, 664, 664, 664, 664, 664, 664, 664, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382
Vulnerability details
Array entries are added but are never removed. The array is also iterated over while making state changes, which means that it's possible for an attacker to add so many entries to the array that when it's iterated over by another user, the transaction runs out of gas before all of the iterations are complete, leading to a DOS/bricking of the contract.
Assessed type
other