Closed sherlock-admin closed 10 months ago
qpzm
medium
CvgERC721TimeLockingUpgradeable.getTokenIdsForWallet
CvgERC721TimeLockingUpgradeable.getTokenIdsForWallet will cause out of gas error when the number of tokens is large.
If a user has a large number of tokens, the function getTokenIdsForWallet will cause out of gas error.
getTokenIdsForWallet
function getTokenIdsForWallet(address _wallet) public view returns (uint256[] memory) { uint256 range = balanceOf(_wallet); uint256[] memory tokenIds = new uint256[](range); for (uint256 i; i < range; i++) { tokenIds[i] = tokenOfOwnerByIndex(_wallet, i); } return tokenIds; }
Out-of-gas error
https://github.com/sherlock-audit/2023-11-convergence/blob/main/sherlock-cvg/contracts/Token/CvgERC721TimeLockingUpgradeable.sol#L38-L45
Manual Review
Add parameters uint256 start and uint256 end to getTokenIdsForWallet to allow users to get tokenIds in batches.
uint256 start
uint256 end
Invalid, lack of proof to show OOG and it is very unlikely that a user will own so much NFT that it causes an OOG error.
qpzm
medium
Out-of-gas error in
CvgERC721TimeLockingUpgradeable.getTokenIdsForWallet
Summary
CvgERC721TimeLockingUpgradeable.getTokenIdsForWallet
will cause out of gas error when the number of tokens is large.Vulnerability Detail
If a user has a large number of tokens, the function
getTokenIdsForWallet
will cause out of gas error.Impact
Out-of-gas error
Code Snippet
https://github.com/sherlock-audit/2023-11-convergence/blob/main/sherlock-cvg/contracts/Token/CvgERC721TimeLockingUpgradeable.sol#L38-L45
Tool used
Manual Review
Recommendation
Add parameters
uint256 start
anduint256 end
togetTokenIdsForWallet
to allow users to get tokenIds in batches.