Closed sherlock-admin closed 8 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
Invalid, OOG is highly unlikely given validators can only be added by trusted staking manager via addValidators()
bareli
medium
out of gas can happen due to totalValueLocked.
Summary
totalValueLocked calculation may cause DOS attack.
Vulnerability Detail
@> for (uint128 i = 0; i < validatorsN; i++) { Validator storage v = _validators[i]; Staking storage s = v.stakings[delegator]; totalValueLocked = _sharesToTokens(s.shares, v.exchangeRate); if (v._address == delegator) totalValueLocked += v.commissionAvailableToRedeem; Unstaking[] memory unstakings = v.unstakings[delegator]; uint256 unstakingsN = unstakings.length; @> for (uint256 j = 0; j < unstakingsN; j++) { totalValueLocked += unstakings[j].amount; } }
Impact
due to too much loop contact may get out of gas.
Code Snippet
https://github.com/sherlock-audit/2023-11-covalent/blob/main/cqt-staking/contracts/OperationalStaking.sol#L844
Tool used
Manual Review
Recommendation
use the mapping to calculate the totalValueLocked.