Submission Details

#166 Arrays can grow in size without a way to shrink them

Severity

Low Risk

Relevant GitHub Links

https://github.com/Cyfrin/2023-12-stake-link/blob/main/contracts/core/sdlPool/SDLPoolSecondary.sol#L75-L371

Summary

Growth of arrays in smart contracts, leading to potential out-of-gas errors and a permanent lock of array elements when reaching maximum size.

Vulnerability Details

As these arrays cannot shrink, if the array has a maximum size, it won't be possible to change its elements once it reaches that size. Otherwise, it can grow indefinitely in size, which can increase the likelihood of out-of-gas errors.

}75:         currentMintLockIdByBatch.push(0);
}76:         queuedNewLocks.push();
}77:         queuedNewLocks.push();
}323:         queuedNewLocks.push();
}344:         currentMintLockIdByBatch.push(_mintStartIndex);
}371:         queuedNewLocks[updateBatchIndex].push(lock);

Impact

Users might encounter failed transactions due to out-of-gas errors, leading to a loss of funds spent on gas. Moreover, the contract might reach a state where it is no longer possible to update or manage certain elements, leading to a loss of functionality and potentially locking in assets or states permanently.

Tools Used

Manual Review

Recommendations

Integrate functions to remove elements

Comments and Activity

Lead Judging Started

0kage Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

unbounded-locks

getLockIdsByOwner could be very gas intensive and revert