Closed c4-bot-2 closed 5 months ago
as far as I am aware this is a standard inclusion
141345 marked the issue as insufficient quality report
lack detailed POC
This function is handle by an authorized gelato operator and will make sure the call is not reverting when it's called.
thereksfour marked the issue as unsatisfactory: Insufficient quality
0xCalibur (sponsor) disputed
Lines of code
https://github.com/code-423n4/2024-03-abracadabra-money/blob/main/src/staking/LockingMultiRewards.sol#L397
Vulnerability details
Impact
Detailed description of the impact of this finding.
Denial of Service: processExpiredLocks could be blocked by a single user with an expired lock, preventing others from processing.
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
function processExpiredLocks(address[] memory users, uint256[] calldata lockIndexes) external onlyOperators { if (users.length != lockIndexes.length) { revert ErrLengthMismatch(); }
Tools Used
Recommended Mitigation Steps
we should call each function individual so that revert cannot cause DOS.
Assessed type
Context