sherlock-audit / 2024-02-perennial-v2-3-judging


krkba - Missing check for array limit in `invoke` function. #14

Closed sherlock-admin2 closed 5 months ago

sherlock-admin2 commented 5 months ago

krkba

medium

Missing check for array limit in invoke function.

krkba

Summary

There is no check for an array limit in the invoke function; if the invocations array is large, the function will exceed the block gas limit.

Vulnerability Detail

Assume that the caller has called the invoke function with a large amount of invocations; this function will exceed the gas limit of the block.

Impact

The transaction will revert, resulting in wasted gas fees.

Code Snippet

https://github.com/sherlock-audit/2024-02-perennial-v2-3/blob/main/perennial-v2/packages/perennial-extensions/contracts/MultiInvoker.sol#L115-L164

Tool used

Manual Review

Recommendation

You can do batch processing for it.

sherlock-admin3 commented 5 months ago

2 comment(s) were left on this issue during the judging contest.

panprog commented:

invalid, this is user error

0xAadi commented:

Invalid

nevillehuang commented 4 months ago

Invalid, lacks the PoC required by Sherlock for gas consumption issues, as seen here