Closed code423n4 closed 1 year ago
Intended, there is an implied limit on the number of borrower/lender constrained by block size. More borrower/lender can be added later if necessary.
To be clear, the function call may fail but it can just be called again with a smaller list until it passes. After that, the subset of desired approved addresses can self expand the list as needed.
Lines of code
https://github.com/FraxFinance/fraxlend/blob/0f9bc5ddd6872fba04f4d8fb67c92a88416d19b2/src/contracts/FraxlendPairCore.sol#L265 https://github.com/FraxFinance/fraxlend/blob/main/src/contracts/FraxlendPairCore.sol#L270
Vulnerability details
Impact
Detailed description of the impact of this finding.
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. https://github.com/FraxFinance/fraxlend/blob/0f9bc5ddd6872fba04f4d8fb67c92a88416d19b2/src/contracts/FraxlendPairCore.sol#L265
Even though the array is calldata, there are possibilities of failure due to the imprecise length of the array to be looped. If the array is over a thousand, say three thousand each for borrowers and 3 thousand for lenders, the loop will require a much gas fee to call the function.
Tools Used
Remix to determine the costs of a function call.
Recommended Mitigation Steps
It’s recommended that a precise value is provided for the for-loop to iterate. When it’s definite, for instance, 200 each, with enough gas fee to cover the function call, the function call will be successful.