sherlock-admin2 closed 8 months ago
1 comment(s) were left on this issue during the judging contest.
karanctf commented:
same as #35
Invalid, setTokensPrice is an admin-permissioned function, invalid based on Sherlock OOG rules
- Out of Gas: Issues that result in Out of Gas errors either by the malicious user filling up the arrays or there is a practical call flow that results in OOG can be considered a valid medium or in cases of blocking all user funds forever maybe a valid high. Exception: In case the array length is controlled by the trusted admin/owner or the issue describes an impractical usage of parameters to reach OOG state then these submissions would be considered as low.
bareli
medium
Gas Limitations:
Summary
Gas Limitations: The contract operations that loop over arrays (e.g., setTokensPrice) should be monitored for potential out-of-gas errors if the arrays are too large.
Vulnerability Detail
@> for (uint256 i = 0; i < tokens.length; ++i) { if (haveWrittenToken[i] == 1) continue;
Impact
Out-of-gas errors if the arrays are too large.
Code Snippet
https://github.com/sherlock-audit/2023-12-dodo/blob/main/dodo-v3/contracts/DODOV3MM/D3Pool/D3Maker.sol#L227
Tool used
Manual Review
Recommendation
Set a limit on array size.