sherlock-audit / 2024-03-nouns-dao-2-judging

bareli - DOS can happen. #49

Closed sherlock-admin2 closed 4 months ago

sherlock-admin2 commented 4 months ago

bareli

medium

DOS can happen.

Summary

Gas Limitations: Loops over arrays without bounds could cause out-of-gas issues.

Vulnerability Detail

function checkForDuplicates(address[] calldata erc20tokens) internal pure {
    if (erc20tokens.length == 0) return;

    for (uint256 i = 0; i < erc20tokens.length - 1; i++) {
        for (uint256 j = i + 1; j < erc20tokens.length; j++) {
    @>        if (erc20tokens[i] == erc20tokens[j]) revert DuplicateTokenAddress();
        }
    }
}

Impact

Loops over arrays without bounds could cause out-of-gas issues.

Code Snippet

https://github.com/sherlock-audit/2024-03-nouns-dao-2/blob/main/nouns-monorepo/packages/nouns-contracts/contracts/governance/NounsDAOAdmin.sol#L570

Tool used

Manual Review

Recommendation

Use a limit on erc20tokens.length.
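
To put a number on the out-of-gas concern, this added example (not part of the submission or of the Nouns code) models the quoted loop in Python, counts its worst-case comparisons, and finds the longest list that fits a gas budget. The per-comparison gas cost and the budget are assumptions, not measurements of the contract.

```python
import math

# Assumed figures for illustration; not measured from the contract or taken from the report.
ASSUMED_GAS_PER_COMPARISON = 200
ASSUMED_GAS_BUDGET = 30_000_000


class DuplicateTokenAddress(Exception):
    """Stands in for the Solidity custom error of the same name."""


def check_for_duplicates(tokens):
    """Mirror of checkForDuplicates; returns how many comparisons were made."""
    comparisons = 0
    if len(tokens) == 0:
        return comparisons
    for i in range(len(tokens) - 1):
        for j in range(i + 1, len(tokens)):
            comparisons += 1
            if tokens[i] == tokens[j]:
                raise DuplicateTokenAddress(tokens[i])
    return comparisons


def worst_case_comparisons(n):
    """Closed form for a duplicate-free list of length n: n * (n - 1) / 2."""
    return n * (n - 1) // 2


def max_length_within(budget, gas_per_comparison):
    """Largest n whose worst-case comparison cost still fits in the budget."""
    allowed = budget // gas_per_comparison
    # Solve n * (n - 1) / 2 <= allowed for the largest integer n.
    n = (1 + math.isqrt(1 + 8 * allowed)) // 2
    while worst_case_comparisons(n) > allowed:  # guard against rounding
        n -= 1
    return n


if __name__ == "__main__":
    for n in (10, 100, 1000):
        tokens = [f"0x{k:040x}" for k in range(n)]  # constructed, distinct addresses
        assert check_for_duplicates(tokens) == worst_case_comparisons(n)
        print(n, "tokens:", worst_case_comparisons(n), "comparisons")
    limit = max_length_within(ASSUMED_GAS_BUDGET, ASSUMED_GAS_PER_COMPARISON)
    print("longest list within the assumed budget:", limit)
```
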

sherlock-admin2 commented 4 months ago

2 comment(s) were left on this issue during the judging contest.

WangAudit commented:

Tokens can be added only by admin; therefore, I believe they will pick an appropriate number.

karanctf commented:

ERC20 tokens list is limited.