getPositionIdsByOwner() will always be reverted if nextPositionId is too big
Summary
getPositionIdsByOwner() will always be reverted if nextPositionId is too big. If some third-party protocols try to integrate with Blueberry, they will fail to get results of getPositionIdsByOwner() due to too many positions in Blueberry bank.
Vulnerability Detail
getPositionIdsByOwner() gets all position ids of a specific owner, the function iterates all positions[] array to find ids.
But if the nextPositionId is too big, the for loop will always be reverted. Nobody is able to get the results of getPositionIdsByOwner().
Impact
Third-party protocols will always be reverted when they call getPositionIdsByOwner() due to too many positions in Blueberry bank. It causes the loss of third-party protocols, and also the decline of blueberry's reputation.
GimelSec
medium
getPositionIdsByOwner()will always be reverted ifnextPositionIdis too bigSummary
getPositionIdsByOwner()will always be reverted ifnextPositionIdis too big. If some third-party protocols try to integrate with Blueberry, they will fail to get results ofgetPositionIdsByOwner()due to too many positions in Blueberry bank.Vulnerability Detail
getPositionIdsByOwner()gets all position ids of a specific owner, the function iterates allpositions[]array to find ids.But if the
nextPositionIdis too big, the for loop will always be reverted. Nobody is able to get the results ofgetPositionIdsByOwner().Impact
Third-party protocols will always be reverted when they call
getPositionIdsByOwner()due to too many positions in Blueberry bank. It causes the loss of third-party protocols, and also the decline of blueberry's reputation.Code Snippet
https://github.com/sherlock-audit/2023-02-blueberry/blob/main/contracts/BlueBerryBank.sol#L315-L333
Tool used
Manual Review
Recommendation
Use pagination in
getPositionIdsByOwner(), or create a mapping for owner and positionIds.Duplicate of #77