141345
medium
DoS when accruing Premium
Summary
The activeProtectionIndexes array could grow unbounded and result in DoS when accruing Premium.
Vulnerability Detail
When creating a protection, there is no limit on how many protections can be created.
As a result, the activeProtectionIndexes array could grow quite large, the transaction's gas cost could exceed the block gas limit, and it could become impossible to call the function lockCapital() at all. The storage loads and function calls inside the for loop make the gas cost of each iteration relatively high.
Impact
The pool could fail to accrue Premium. The contract could not deliver expected functionality.
Code Snippet
https://github.com/sherlock-audit/2023-02-carapace/blob/main/contracts/core/pool/ProtectionPool.sol#L980-L1020
https://github.com/sherlock-audit/2023-02-carapace/blob/main/contracts/core/pool/ProtectionPool.sol#L871-L882
Tool used
Manual Review
Recommendation
Consider introducing a reasonable upper limit based on block gas limits. For a large activeProtectionIndexes array, the handling of accruing Premium can be broken into separate parts with different function calls, with the results combined at the end in another function.
Duplicate of #63
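The two mitigations from the Recommendation, as an added example that is not code from the Carapace repository or from the report's author: a cap on the array at creation time, and a cursor-based batch function whose final call combines the partial sums. Every name except activeProtectionIndexes, and both constants, are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Hypothetical sketch, not Carapace's ProtectionPool. Every name except
// activeProtectionIndexes is an assumption; access control, protection
// expiry and cycle timing are omitted.
contract BatchedPremiumAccrual {
    uint256 public constant MAX_ACTIVE_PROTECTIONS = 500; // assumed cap, set from gas measurements
    uint256 public constant MAX_BATCH = 50;               // assumed per-call work limit

    uint256[] public activeProtectionIndexes;
    mapping(uint256 => uint256) public premiumPerCycle;   // protection index => premium per cycle

    uint256 public cursor;         // next array position to process
    uint256 public cycleLength;    // array length snapshotted when a cycle starts
    uint256 public pendingPremium; // partial sum carried between batch calls
    uint256 public totalPremiumAccrued;

    error TooManyActiveProtections();

    // Upper limit: creation reverts once the array reaches the cap.
    function addProtection(uint256 index, uint256 premium) external {
        if (activeProtectionIndexes.length >= MAX_ACTIVE_PROTECTIONS) revert TooManyActiveProtections();
        activeProtectionIndexes.push(index); // appended entries join the next cycle
        premiumPerCycle[index] = premium;
    }

    // Batching: at most MAX_BATCH entries per call, so the gas of one
    // transaction stays bounded however long the array is.
    // Returns true when the cycle is complete and the results are combined.
    function accruePremiumBatch(uint256 maxItems) external returns (bool done) {
        if (cursor == 0) cycleLength = activeProtectionIndexes.length;
        uint256 n = maxItems > MAX_BATCH ? MAX_BATCH : maxItems;
        uint256 end = cursor + n > cycleLength ? cycleLength : cursor + n;
        uint256 sum = pendingPremium; // accumulate locally, write storage once
        for (uint256 i = cursor; i < end; ++i) {
            sum += premiumPerCycle[activeProtectionIndexes[i]];
        }
        if (end == cycleLength) {
            totalPremiumAccrued += sum; // combine partial results
            pendingPremium = 0;
            cursor = 0;
            return true;
        }
        pendingPremium = sum;
        cursor = end;
        return false;
    }
}
```

With these assumed constants a full cycle needs at most ten calls, and each call's loop cost is independent of how many protections exist.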