Potential DOS attack in `finalizeSpecimenSession`

krkba

Summary

In the finalizeSpecimenSession function, there is a loop that could potentially run for a very long time if blockHashesRaw is large

Denial of Service (DoS) attack.

Manual Review

Limit the size of this array or using a pattern that doesn't require looping over every element.

sherlock-admin2 commented 7 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

valid: medium(2)

nevillehuang commented 6 months ago

Invalid, since specimenhashes are limited by quorum, this is highly unlikely if not impossible.