Submission Details

#166 Arrays can grow in size without a way to shrink them


Low Risk

Relevant GitHub Links


Growth of arrays in smart contracts, leading to potential out-of-gas errors and a permanent lock of array elements when reaching maximum size.

Vulnerability Details

As these arrays cannot shrink, if the array has a maximum size, it won't be possible to change its elements once it reaches that size. Otherwise, it can grow indefinitely in size, which can increase the likelihood of out-of-gas errors.

}75:         currentMintLockIdByBatch.push(0);
}76:         queuedNewLocks.push();
}77:         queuedNewLocks.push();
}323:         queuedNewLocks.push();
}344:         currentMintLockIdByBatch.push(_mintStartIndex);
}371:         queuedNewLocks[updateBatchIndex].push(lock);


Users might encounter failed transactions due to out-of-gas errors, leading to a loss of funds spent on gas. Moreover, the contract might reach a state where it is no longer possible to update or manage certain elements, leading to a loss of functionality and potentially locking in assets or states permanently.

Tools Used

Manual Review


Integrate functions to remove elements

Comments and Activity

Lead Judging Started

0kage Lead Judge 4 months ago
Submission Judgement Published
Assigned finding tags:


getLockIdsByOwner could be very gas intensive and revert