oishun1112
commented
2 years ago @kohshiba I think we need to set this
Open code423n4 opened 2 years ago
oishun1112
commented
2 years ago @kohshiba I think we need to set this
takadr
commented
2 years ago @oishun1112 Does this mean for each pool the number of indices that can add the pool should be limited? Like the limitation on the number of pools each index can add. https://github.com/code-423n4/2022-01-insure/blob/main/contracts/IndexTemplate.sol#L593
oishun1112
commented
2 years ago @takadr Yes, we need to limit the number of PoolTemplates indexed by IndexTemplate. This indexList issue is little bit complicated (have to change multiple places), so I'm going to do myself. Thank you!
0xean
commented
2 years ago Upgrading to sev-2 as this will eventually affect the availability of the protocol as transactions revert.
Handle
Dravee
Vulnerability details
Impact
The transactions could fail if the array get too big and the transaction would consume more gas than the block limit. This will then result in a denial of service for the desired functionality and break core functionality.
Proof of Concept
https://github.com/code-423n4/2022-01-insure/blob/main/contracts/PoolTemplate.sol#L703
Tools Used
VS Code
Recommended Mitigation Steps
Keep the array size small.