If users enter too many markets, they will not be able to exit.
Summary
Functions with gas consumption exceeding the block's gas limit will not be able to complete.
The deleteElement function in the Arrays library loops through the number of elements in the largest case, but this may exceed the gas limit, in which case the function reverts.
Vulnerability Detail
In _exitMarket of ironbank, allEnteredMarkets[user].deleteElement(market) tries to delete the market from the array.
However, if the deleteElement process exceeds the gas limit, the function always reverts.
Impact
Functions containing _exitMarket can no longer be invoked.
innertia
medium
If users enter too many markets, they will not be able to exit.
Summary
Functions with gas consumption exceeding the block's gas limit will not be able to complete. The
deleteElementfunction in the Arrays library loops through the number of elements in the largest case, but this may exceed the gas limit, in which case the function reverts.Vulnerability Detail
In
_exitMarketof ironbank,allEnteredMarkets[user].deleteElement(market)tries to delete the market from the array. However, if thedeleteElementprocess exceeds the gas limit, the function always reverts.Impact
Functions containing
_exitMarketcan no longer be invoked.Code Snippet
https://github.com/sherlock-audit/2023-05-ironbank/blob/9ebf1702b2163b55479624794ab7999392367d2a/ib-v2/src/protocol/pool/IronBank.sol#L961 https://github.com/sherlock-audit/2023-05-ironbank/blob/9ebf1702b2163b55479624794ab7999392367d2a/ib-v2/src/protocol/pool/IronBank.sol#L442 https://github.com/sherlock-audit/2023-05-ironbank/blob/9ebf1702b2163b55479624794ab7999392367d2a/ib-v2/src/protocol/pool/IronBank.sol#L885 https://github.com/sherlock-audit/2023-05-ironbank/blob/9ebf1702b2163b55479624794ab7999392367d2a/ib-v2/src/protocol/pool/IronBank.sol#L1002
Tool used
Manual Review
Recommendation
Limit the number of markets a user can enter