c4-pre-sort
commented
1 year ago minhquanym marked the issue as low quality report
Open code423n4 opened 1 year ago
c4-pre-sort
commented
1 year ago minhquanym marked the issue as low quality report
minhquanym
commented
1 year ago Consider QA
c4-pre-sort
commented
1 year ago minhquanym marked the issue as primary issue
c4-judge
commented
11 months ago dmvt changed the severity to QA (Quality Assurance)
c4-judge
commented
11 months ago dmvt marked the issue as grade-b
Lines of code
https://github.com/Tapioca-DAO/tap-token-audit/blob/59749be5bc2286f0bdbf59d7ddc258ddafd49a9f/contracts/governance/twTAP.sol#L196 https://github.com/Tapioca-DAO/tap-token-audit/blob/59749be5bc2286f0bdbf59d7ddc258ddafd49a9f/contracts/governance/twTAP.sol#L413
Vulnerability details
Impact
rewardTokensarray can get too big causing functions that iterate over it to run out of gasProof of Concept
In
rewardTokensof twpTAP.sol, reward tokens are stored as an array which will be loop through within several functions.For example,
claimable()always loops through therewardTokensto calculate the claimable rewards. Another function,advanceWeek()is called to advance the epoch week, again, loops through eachrewardTokens, to shift forward the prior week's rewards to the current.Currently, there isn't a way to remove tokens, which is problematic because these loops can run out of gas if
rewardTokensgets too large. This is a medium likelihood event, considering that certain tokens are depreciated overtime.Tools Used
Manual
Recommended Mitigation Steps
Consider adding a function that will allow tokens to be removed from
rewardTokens.Assessed type
DoS