c4-pre-sort
commented
9 months ago 0xRobocop marked the issue as duplicate of #729
Closed c4-bot-5 closed 9 months ago
c4-pre-sort
commented
9 months ago 0xRobocop marked the issue as duplicate of #729
c4-judge
commented
8 months ago 0xA5DF changed the severity to QA (Quality Assurance)
c4-judge
commented
8 months ago 0xA5DF marked the issue as grade-c
0xA5DF
commented
8 months ago Low quantity
Lines of code
https://github.com/code-423n4/2024-02-althea-liquid-infrastructure/blob/main/liquid-infrastructure/contracts/LiquidInfrastructureERC20.sol#L213-L231
Vulnerability details
Impact
If there are too many
holders(More than 1000, which is not unrealistic) & the number of reward tokens is more than a couple, because of the nested for-loops and constant sloads(even though some of them will be warm) + stores(most of them will be from non-zero to non-zero value, which is still 5k gas on write though), a DoS can occur. The contract should be heavily optimized in order to save the redundant sloads, but even then DoS might occur, so a public/external function should be exposed so that holders can themselfes claim their rewards, therefore DoS/out of gas errors can be preventedTools Used
Mannual review
Recommended Mitigation Steps
Use
Pullinstead ofPush, when it comes to distributing rewardsAssessed type
DoS