code-423n4 / 2022-12-tigris-findings


[NAZ-M4] `claimGovFees()` Will Eventually Revert Because Of Block Gas Limit #587

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Lock.sol#L113

Vulnerability details

Impact

The claimGovFees() function loops through all bondNFT assets and makes at least 5 * assets.length external calls. This all consumes a lot of gas, so the function will revert.

Proof of Concept

This function will always revert depending on the amount of assets the bondNFT has and can cause additional issues within the protocol.

Tools Used

Manual Review

Recommended Mitigation Steps

Consider limiting the amount of assets the loop can run through or breaking up the external calls into separate loops and functions.
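One way to apply the first mitigation recommended above, as an added example that is not code from the Tigris repository or from this report: a claim function that processes a capped batch per call and resumes from a stored cursor, so gas per transaction stays bounded however long the asset list grows. All names here (`IFeeSource`, `claimFor`, `BatchedFeeClaim`, `MAX_BATCH`, `cursor`) are hypothetical, and the cap of 20 is an assumed value.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Hypothetical interface: stands in for the external contract called once per asset.
interface IFeeSource {
    function claimFor(address asset) external returns (uint256 amount);
}

contract BatchedFeeClaim {
    // Assumed cap; choose it from the measured worst-case gas per asset.
    uint256 public constant MAX_BATCH = 20;

    IFeeSource public immutable source;
    address[] public assets;
    uint256 public cursor; // index of the next asset to process
    mapping(address => uint256) public claimed;

    constructor(IFeeSource _source, address[] memory _assets) {
        source = _source;
        assets = _assets;
    }

    /// Processes at most `maxItems` assets (never more than MAX_BATCH),
    /// starting at `cursor` and wrapping around the list. The loop bound
    /// no longer depends on assets.length, so one call cannot exceed the
    /// block gas limit just because the list grew.
    function claimBatch(uint256 maxItems) external returns (uint256 processed) {
        uint256 len = assets.length;
        if (len == 0) return 0;
        if (maxItems > MAX_BATCH) maxItems = MAX_BATCH;
        if (maxItems > len) maxItems = len; // do not visit an asset twice per call

        uint256 i = cursor;
        for (; processed < maxItems; ++processed) {
            address asset = assets[i];
            claimed[asset] += source.claimFor(asset);
            i = (i + 1) % len;
        }
        cursor = i; // the next call resumes where this one stopped
    }
}
```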

c4-judge commented 1 year ago

GalloDaSballo marked the issue as duplicate of #24

c4-judge commented 1 year ago

GalloDaSballo marked the issue as duplicate of #377

c4-judge commented 1 year ago

GalloDaSballo marked the issue as satisfactory