chase-manning
commented
2 years ago Duplicate of #123
Closed code423n4 closed 2 years ago
chase-manning
commented
2 years ago Duplicate of #123
gzeoneth
commented
2 years ago Downgrading to Low / QA.
gzeoneth
commented
2 years ago Treating as warden's QA report.
JeeberC4
commented
2 years ago adding to wardens QA Report #173
Lines of code
https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/Controller.sol#L117 https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/pool/LiquidityPool.sol#L736 https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/StakerVault.sol#L260
Vulnerability details
Impact
There are loops that could grow too large to fit in a block and thus cause a denial of a service problem, e.g. governance can addAction but there is no way to remove it. if the actions array grows too large, functions that depend on it, e.g. getTotalEthRequiredForGas or _rebalanceVault that calls getStakedByActions, will be broken, as the block gas limit might not be enough to iterate over all the entries.
Recommended Mitigation Steps
Consider either adding a removal function or introducing a reasonable upper boundary.