Closed sherlock-admin2 closed 5 months ago
3 comment(s) were left on this issue during the judging contest.
z3s commented:
Invalid; Denial-of-Service issues require proof of concept (POC), and this issue does not result in the locking of funds or the unavailability of functions. Users can utilize shorter arrays.
takarez commented:
The call will just revert and not affect other users.
FSchmoede commented:
Invalid, as this would only be an issue for the user himself/herself, thus not affecting anyone else.
1337web3
medium
Medium 01 DoS
Summary
The code snippet implements a loop iterating over an array called invocations, storing each element in an Invocation struct. Our audit identified a potential Denial of Service (DoS) vulnerability associated with this loop structure.
Vulnerability Detail
The vulnerability arises due to the lack of constraint on the size of the invocations array. As the loop iterates over each element, it could consume excessive gas, potentially leading to a DoS attack if the array size is unbounded or excessively large.
https://github.com/sherlock-audit/2024-05-kwenta-x-perennial-integration-update/blob/main/perennial-v2/packages/perennial-extensions/contracts/MultiInvoker.sol#L143-L188
Impact
If exploited, the vulnerability could result in a DoS attack, causing the system to become unresponsive or exhaust gas resources, disrupting normal operations.
Code Snippet
Tool used
Manual Review
Recommendation
_invokeOne function for only one invocation: A function handling only one invocation, on top of the already present _invoke function, will decrease the usage of the DoS-vulnerable _invoke function.