tserg
commented
8 months ago Closed c4-bot-1 closed 7 months ago
tserg
commented
8 months ago 
c4-pre-sort
commented
7 months ago bytes032 marked the issue as insufficient quality report
alex-ppg
commented
7 months ago The Warden denotes how a loop that pops elements from an array may result in a DoS due to an infinite loop; this is invalid as an array in Cairo by definition is finite. As the loop breaks whenever an element is not found, the code will properly break and continue its execution when necessary rendering this submission invalid.
c4-judge
commented
7 months ago alex-ppg marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2024-01-opus/blob/main/src/core/shrine.cairo#L2071
Vulnerability details
The issue arises from the lack of a clear exit condition in the inner loop that iterates over
original_yang_balances_copy. The loop continues as long asoriginal_yang_balances_copy.pop_front()returnsSome(original_yang_balance). If this condition is met indefinitely, the loop will continue without end, leading to an infinite loop. This could potentially cause the smart contract to hang or consume excessive resources.Vulnerable Code
https://github.com/code-423n4/2024-01-opus/blob/main/src/core/shrine.cairo#L2071
Impact
Mitigation
An explicit exit condition should be added to the inner loop. This could be achieved by checking the length of
original_yang_balances_copyat the start of each iteration and breaking the loop if the length is zero. Alternatively, the loop could be refactored to a for-loop that iterates over the elements oforiginal_yang_balances_copydirectly, which would automatically terminate once all elements have been processed.Assessed type
DoS