Open hats-bug-reporter[bot] opened 1 week ago
The complexity of the updateTokens function is indeed high, but it is necessary to ensure that all tokens are correctly sold, bought, and validated during the rebalancing process. These checks are essential for maintaining the integrity of the rebalancing process and ensuring that the portfolio tokens are correctly managed.
Github username: -- Twitter username: -- Submission hash (on-chain): 0x227834fdffe74832b3d90051b5e9b71f198a4e5f21b40e4e99355a3304f53f49 Severity: medium
Description: Description\ DOS can be caused on updating tokens and weights as the memory complexity of update WEIGHT is 2N + 3M, where N is sellTokens array length and M is _newTokens length.
On update
Attack Scenario\ DOS can be caused on updating tokens and weights as the memory complexity of update WEIGHT is 2N + 3M, where N is sellTokens array length and M is _newTokens length.
On updating tokens, extra loops is introduced to are a round trip from updateWeights, introducing extra 3 loops, assuming sellTokens and newTokens length are same length of N, complexity is now 8N.
This can introduce expensive and hard to run transactions
Attachments
Proof of Concept (PoC) File A spread out updateTokens function gives