search

sherlock-audit / 2023-11-covalent-judging

3 stars 2 forks source link

iberry - The function submitBlockSpecimenProof may be dos #124

Closed sherlock-admin closed 7 months ago

sherlock-admin commented 7 months ago

iberry

medium

The function submitBlockSpecimenProof may be dos

Summary

The function submitBlockSpecimenProof iterates through all specimenHashes and their participants to ensure a sender hasn't already submitted a specimen for the blockHash. If the number of specimenHashes or participants is large, this could cause the function to run out of gas, effectively preventing new submissions.

Vulnerability Detail

medium

Impact

The vulnerability could lead to a DoS scenario, preventing new submissions if the function encounters a large number of specimenHashes or participants

Code Snippet

https://github.com/sherlock-audit/2023-11-covalent/blob/main/cqt-staking/contracts/BlockSpecimenProofChain.sol#L328-L392

Tool used

Manual Review

Recommendation

split function and limit

sherlock-admin2 commented 7 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

valid: medium(11)

nevillehuang commented 6 months ago

Invalid, known issue as seen by the comment here, BLOCK_SPECIMEN_PRODUCER_ROLE should be aware when submitting block specimen proofs