Lines of code
https://github.com/code-423n4/2022-08-olympus/blob/main/src/policies/Governance.sol#L265-L289
Vulnerability details
Impact
Unbounded loops with external calls can run out of gas. A proposal with a large number of instructions may fail to execute, causing a DoS on the contract's availability.
Proof of Concept
In the executeProposal() function, the action for each instruction is executed in an unbounded loop.
Recommended Mitigation Steps
Add slicing to executeProposal() so that it can also iterate over a subsection of instructions instead of the entire array. This would ensure that even if a proposal has a large number of instructions, the actions can still be executed in batches. This could be done by adding startIndex and endIndex as function arguments.
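A sketch of the batched execution recommended above, as an added example that is not code from Governance.sol or the original report. The contract name, the IExecutor interface, the Instruction layout and the nextStep cursor are assumptions; the cursor is added so that batches run in order and exactly once, and the vote, timelock and access checks of a real governance contract are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Hypothetical stand-in for the contract that performs each action.
interface IExecutor {
    function executeAction(uint8 action, address target) external;
}

// Illustrative only: names and storage layout are assumptions.
contract BatchedExecutor {
    struct Instruction {
        uint8 action;
        address target;
    }

    error InvalidRange();
    error AlreadyExecuted();

    IExecutor public immutable executor;
    Instruction[] public instructions; // instructions of the proposal
    uint256 public nextStep;           // first instruction not yet executed
    bool public executed;              // true once the last batch has run

    event BatchExecuted(uint256 startIndex, uint256 endIndex);

    constructor(IExecutor executor_, Instruction[] memory instructions_) {
        executor = executor_;
        for (uint256 i; i < instructions_.length; ++i) {
            instructions.push(instructions_[i]);
        }
    }

    // Executes instructions[startIndex, endIndex). The caller sizes each
    // batch so that it fits within the block gas limit.
    function executeProposal(uint256 startIndex, uint256 endIndex) external {
        if (executed) revert AlreadyExecuted();
        // Batches must be contiguous and in order: no gaps, no replays.
        if (startIndex != nextStep) revert InvalidRange();
        if (endIndex <= startIndex || endIndex > instructions.length) revert InvalidRange();

        // Update the cursor before the external calls (checks-effects-interactions).
        nextStep = endIndex;
        if (endIndex == instructions.length) executed = true;

        for (uint256 step = startIndex; step < endIndex; ++step) {
            Instruction memory ins = instructions[step];
            executor.executeAction(ins.action, ins.target);
        }
        emit BatchExecuted(startIndex, endIndex);
    }
}
```

Between batches the proposal is only partially applied, so instructions that depend on one another should be placed in the same batch.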