In several aspects, the contract BasketHandler.sol use of recursive calls or iterations that could potentially run indefinitely or until the system reaches its gas limit, resulting in Denial of Service or other unwanted system performance impediments.
Appropriate measures must be taken into consideration to prevent such occurrences.
Proof of Concept
In the _switchBasket function, the _newBasket.nextBasket() is called without any safety measures. This could result in an infinite recursive loop because nextBasket is iterating over _targetNames, and it doesn't seem to have any condition to break or exit the loop.
Lines of code
https://github.com/reserve-protocol/protocol/blob/master/contracts/p1/BasketHandler.sol#L598-L624
Vulnerability details
Impact
In several aspects, the contract BasketHandler.sol use of recursive calls or iterations that could potentially run indefinitely or until the system reaches its gas limit, resulting in Denial of Service or other unwanted system performance impediments.
Appropriate measures must be taken into consideration to prevent such occurrences.
Proof of Concept
In the
_switchBasket
function, the_newBasket.nextBasket()
is called without any safety measures. This could result in an infinite recursive loop becausenextBasket
is iterating over_targetNames
, and it doesn't seem to have any condition to break or exit the loop.https://github.com/reserve-protocol/protocol/blob/master/contracts/p1/BasketHandler.sol#L598-L624
Tools Used
Manual Review
Recommended Mitigation Steps
It is strongly recommended to put appropriate measures to prevent unintended infinite or overly long loops in functions. Such measures may include:
Assessed type
DoS