Skip to content

Latest commit

 

History

History
35 lines (23 loc) · 1.02 KB

056.md

File metadata and controls

35 lines (23 loc) · 1.02 KB

Decent Smoke Owl

High

DoS in OracleLess contract

Summary

pendingOrderIds array can grow indefinitely leading to inability to traverse all array items due to block gas limit.

Root Cause

  • No upper limit for pendingOrderIds array
  • It grows when users create new orders
  • It wont be possible to remove items when array is of such length as removing item require traversing the whole array.

pendingOrderIds: https://github.com/sherlock-audit/2024-11-oku/blob/ee3f781a73d65e33fb452c9a44eb1337c5cfdbd6/oku-custom-order-types/contracts/automatedTrigger/OracleLess.sol#L15 removeFromArray(): https://github.com/sherlock-audit/2024-11-oku/blob/ee3f781a73d65e33fb452c9a44eb1337c5cfdbd6/oku-custom-order-types/contracts/libraries/ArrayMutation.sol#L7C5-L29C6

Internal pre-conditions

N/A

External pre-conditions

N/A

Attack Path

User create many orders to grow the pendingOrderIds array.

Impact

Complete DoS for the OracleLess contract.

PoC

N/A

Mitigation

Consider adding an upper limit for the array.