c4-judge
commented
1 year ago kirk-baird marked the issue as duplicate of #135
Closed c4-judge closed 1 year ago
c4-judge
commented
1 year ago kirk-baird marked the issue as duplicate of #135
c4-judge
commented
1 year ago kirk-baird marked the issue as satisfactory
Judge has assessed an item in Issue #648 as 2 risk. The relevant finding follows:
Summary:
The claim function in the Quest contract has an unbounded array vulnerability that could lead to an Out-of-Gas (OOG) error and make the contract unresponsive. The vulnerability occurs because the setClaimed function is being called with an arbitrarily long tokenIds array, which could consume all the gas in the block, causing the transaction to fail.
Impact:
An attacker could submit a malicious transaction that contains a long array, causing the claim function to run out of gas, and making the contract unresponsive. This could result in a Denial-of-Service (DoS) attack on the contract.
Recommendation: To prevent this vulnerability, the size of the tokenIds array should be limited to a reasonable number of items. For example, you could limit the length of the tokenIds array to 256 items. Additionally, you should perform a gas check before calling the _setClaimed function to ensure that there is enough gas available to complete the transaction.
Example:
// Limit the size of the tokenIds_ array to 256 items function claim() public virtual onlyQuestActive { if (isPaused) revert QuestPaused();