Open code423n4 opened 7 months ago
@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, disagree with severity.
@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, disagree with severity.
@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, disagree with severity.
@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, disagree with severity.
@geoffchan23 Sponsors are not allowed to close, reopen, or assign issues or pull requests.
Simon-Busch marked the issue as nullified
Simon-Busch marked the issue as not nullified
Simon-Busch marked the issue as unsatisfactory: Insufficient proof
Simon-Busch removed the grade
@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged.
Lines of code
96, 485, 485, 485, 485, 485, 485, 485, 485, 485, 485, 505, 505, 505, 505, 505, 505, 505, 505, 505, 664, 664, 664, 664, 664, 664, 664, 664, 664, 664, 664, 664, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 105, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382, 382
Vulnerability details
Array entries are added but are never removed. The array is also iterated over while making state changes, which means that it's possible for an attacker to add so many entries to the array that when it's iterated over by another user, the transaction runs out of gas before all of the iterations are complete, leading to a DOS/bricking of the contract.
Assessed type
other