Closed c4-bot-6 closed 8 months ago
raymondfam marked the issue as sufficient quality report
raymondfam marked the issue as duplicate of #1541
HickupHH3 marked the issue as duplicate of #216
HickupHH3 marked the issue as partial-50
HickupHH3 marked the issue as satisfactory
Lines of code
https://github.com/code-423n4/2024-02-ai-arena/blob/main/src/MergingPool.sol#L139
https://github.com/code-423n4/2024-02-ai-arena/blob/main/src/MergingPool.sol#L149
https://github.com/code-423n4/2024-02-ai-arena/blob/main/src/MergingPool.sol#L152
Vulnerability details
Impact
Winners may never successfully claim their rewards due to running out of gas when calling the MergingPool.claimRewards function.
Description
The inefficiency of the MergingPool.claimRewards function arises from its double-loop structure. It begins by iterating from numRoundsClaimed[msg.sender] to currentRound < roundId and then proceeds to loop through the list of winners (i.e. winnerAddresses[currentRound][j]) until it finds the corresponding address. This approach becomes notably inefficient when an address has accumulated wins across multiple rounds but has not claimed rewards previously. The function's design results in unnecessary iterations, leading to increased gas consumption and diminished performance for users with a history of unclaimed wins. Just being the first winner address and claiming the previous round ID reward costs ~840k gas units.
Proof Of Concept
NA
Tools Used
Forge tests for gas estimation and manually reviewed.
Recommended Mitigation Steps
A recommended first step in mitigating this issue is to adjust the MergingPool.claimRewards function to facilitate claiming rewards for individual rounds. Additionally, it is advisable to explore the use of an iterable mapping for efficiently checking if an address has won in a specific round, especially considering the anticipated number of addresses in winnerAddresses per round. The adoption of an iterable mapping not only enhances efficiency but also helps prevent the presence of duplicated addresses.
Assessed type
DoS
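The two shapes the report contrasts, as an added illustration that is not the AI Arena MergingPool source and not the warden's code: claimRewardsLinearScan mirrors the double loop over unclaimed rounds and winner lists described above, while claimRound is the per-round, mapping-based alternative the mitigation section recommends. The contract name, the winsInRound mapping, the pickWinners hook and the rewardsOwed counter (a stand-in for whatever the real contract mints) are all assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative sketch (added example, not the project's MergingPool).
/// State names that also appear in the report are kept; everything else is assumed.
contract MergingPoolSketch {
    uint256 public roundId;                               // next round to be played
    mapping(address => uint256) public numRoundsClaimed;  // rounds already scanned per claimer
    mapping(uint256 => address[]) public winnerAddresses; // round => winner list (may repeat)
    // Assumed addition: round => winner => number of wins, written when winners are picked.
    mapping(uint256 => mapping(address => uint32)) public winsInRound;
    mapping(address => uint256) public rewardsOwed;       // assumed stand-in for the reward mint

    // Assumed admin hook standing in for the real winner-selection step.
    // Deliberately left without access control; it exists only to populate state.
    function pickWinners(address[] calldata winners) external {
        for (uint256 j = 0; j < winners.length; j++) {
            winnerAddresses[roundId].push(winners[j]);
            winsInRound[roundId][winners[j]] += 1;
        }
        roundId++;
    }

    // Costly shape: walks every unclaimed round and, inside each, every winner entry.
    // Gas grows with (unclaimed rounds) x (winners per round), all paid by the claimer,
    // which is the out-of-gas path the report describes.
    function claimRewardsLinearScan() external {
        uint256 from = numRoundsClaimed[msg.sender];
        for (uint256 currentRound = from; currentRound < roundId; currentRound++) {
            address[] storage winners = winnerAddresses[currentRound];
            for (uint256 j = 0; j < winners.length; j++) {
                if (winners[j] == msg.sender) {
                    rewardsOwed[msg.sender] += 1;
                }
            }
        }
        numRoundsClaimed[msg.sender] = roundId;
    }

    // Per-round claim with a constant-cost lookup: one mapping read, no walk over the
    // winner list. Zeroing the counter makes each (round, address) pair claimable exactly
    // once, so rounds can be claimed in any order and old rounds are never re-scanned.
    function claimRound(uint256 round) external {
        require(round < roundId, "round not finished");
        uint32 wins = winsInRound[round][msg.sender];
        require(wins > 0, "nothing to claim for this round");
        winsInRound[round][msg.sender] = 0;
        rewardsOwed[msg.sender] += wins;
    }
}
```

The per-(round, address) counter tolerates an address appearing more than once in a round's list by crediting each occurrence; if the intended invariant is that a winner is listed at most once per round, the check belongs in the selection step (reject a push when the counter is already non-zero) rather than in the claim path, so that claiming stays a fixed-cost operation regardless of how many rounds a winner has left unclaimed.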