Excessive gas use in depositBatch: a large numRecipients makes the transaction revert from high gas cost
c4-bot-3 opened this issue · 0 comments
Lines of code
Vulnerability details
Impact
Excessive gas usage and denial of service in the depositBatch function of the RewardControl contract: the function updates state and emits an event for every recipient inside a for loop, all within a single transaction, so its gas cost is unbounded in numRecipients.
Proof of Concept
Suppose a batch contains 1000 recipients. Gas is paid for every iteration, so the cost of the call grows linearly with numRecipients. A caller who submits a very large numRecipients, or too small a gas limit for that batch, causes the transaction to run out of gas and revert. Because the revert is atomic, no recipient in the batch is credited while the gas spent is still consumed; if the batch cannot be split by the caller (for example because the recipient list is produced as a unit off-chain and this function is the only path for it), the rewards for that batch cannot be delivered through depositBatch until the batch is reduced in size.
If numRecipients is large (e.g., over 10,000), iterating through the loop can require more gas than a single transaction may use, up to and including the block gas limit. On Ethereum and other EVM-compatible chains such a transaction reverts with an out-of-gas error, so the function can never complete successfully for that input.
Emitting an event inside the loop makes this worse. Each LOG opcode costs a base of 375 gas, 375 gas per indexed topic and 8 gas per byte of data, on top of the storage write for the recipient, so the per-recipient event adds on the order of a thousand gas per iteration and scales directly with numRecipients.
Tools Used
Manual Review
Recommended Mitigation Steps
Batch Processing: Instead of processing all recipients in a single transaction, cap the batch size (or accept a start/end index range) so that large distributions are split into smaller, manageable batches that cannot exceed the block gas limit.
Event Optimization: Emit a single event carrying the batch data after the loop rather than one event per recipient. This removes the per-recipient LOG base and topic costs; the data cost still scales with the array length, so the cap above is still needed.
Validation: Revert on zero amounts and on mismatched array lengths before doing any work, so a malformed batch fails early instead of after consuming gas in the loop.
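The following contrast is an added illustration and is not the RewardControl code under review. The function shape (parallel recipient and amount arrays credited to an internal balance mapping) and the MAX_BATCH value are assumptions; only the per-recipient loop with an event in the first contract mirrors the pattern the finding describes, and the second contract applies the three mitigations above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited RewardControl contract. The storage
// layout and function signature are assumed for the example.

// Pattern described in the finding: unbounded loop, one event per recipient.
contract RewardControlLoopSketch {
    mapping(address => uint256) public pending;

    event Deposited(address indexed recipient, uint256 amount);

    function depositBatch(address[] calldata recipients, uint256[] calldata amounts) external {
        uint256 numRecipients = recipients.length;
        // Every iteration pays an SSTORE plus a LOG2 (375 base + 2 * 375 topics
        // + 8 * 32 data bytes), so cost grows without bound in numRecipients.
        for (uint256 i = 0; i < numRecipients; i++) {
            pending[recipients[i]] += amounts[i];
            emit Deposited(recipients[i], amounts[i]);
        }
    }
}

// Same functionality with the recommended mitigations applied.
contract RewardControlBatchedSketch {
    mapping(address => uint256) public pending;

    // Assumed cap; tune it against measured gas per iteration so that a full
    // batch stays well below the block gas limit of the target chain.
    uint256 public constant MAX_BATCH = 200;

    uint256 private nextBatchId;

    // One event per batch instead of one per recipient. The array data is
    // still logged at 8 gas per byte, which is why MAX_BATCH remains necessary.
    event BatchDeposited(uint256 indexed batchId, address[] recipients, uint256[] amounts);

    error LengthMismatch(uint256 recipients, uint256 amounts);
    error BatchTooLarge(uint256 size, uint256 max);
    error ZeroAmount(uint256 index);

    function depositBatch(address[] calldata recipients, uint256[] calldata amounts) external {
        uint256 n = recipients.length;
        // Validation first: fail before any gas is spent in the loop.
        if (n != amounts.length) revert LengthMismatch(n, amounts.length);
        if (n > MAX_BATCH) revert BatchTooLarge(n, MAX_BATCH);

        for (uint256 i = 0; i < n; ) {
            uint256 amount = amounts[i];
            if (amount == 0) revert ZeroAmount(i);
            pending[recipients[i]] += amount;
            unchecked { ++i; } // i < n <= MAX_BATCH, so it cannot overflow
        }

        emit BatchDeposited(nextBatchId++, recipients, amounts);
    }
}
```

A caller with more than MAX_BATCH recipients submits several transactions, each of which either fully succeeds or fully reverts on its own, so one oversized list can no longer produce a call that can never be mined. The batchId in the single event lets an indexer reconstruct the per-recipient view that the per-iteration event used to provide.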
Assessed type
Other