Venus Prime - 0xblackskull's results

Earn, borrow & lend on the #1 Decentralized Money Market on the BNB chain.

General Information

Platform: Code4rena

Start Date: 28/09/2023

Pot Size: $36,500 USDC

Total HM: 5

Participants: 115

Period: 6 days

Judge: 0xDjango

Total Solo HM: 1

Id: 290

League: ETH

Venus Protocol

Researcher Performance

Rank: 57/115

Findings: 1

Award: $32.27

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

32.2731 USDC - $32.27

Labels

bug
2 (Med Risk)
satisfactory
duplicate-556

External Links

Lines of code

https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L200-L230

Vulnerability details

Impact

This will persistently cause a DoS on the updateScores() function, depending on how big the deficiency is.

Proof of Concept

After writing a test case in Foundry, it continuously shows:

[⠰] Compiling... No files changed, compilation skipped

Because continue comes before ++i, this non-incremented iteration is repeatedly executed until gas runs out. After refactoring the code (see the code in Recommended Mitigation Steps), it works perfectly.

Here is another example: https://github.com/sherlock-audit/2023-02-olympus-judging/issues/125

Tools Used

Code review and Solodit

Recommended Mitigation Steps

Consider having the affected code logic refactored as follows:

-       for (uint256 i = 0; i < users.length; ) {
+       for (uint256 i = 0; i < users.length; ++i) {
            address user = users[i];

            if (!tokens[user].exists) revert UserHasNoPrimeToken();
            if (isScoreUpdated[nextScoreUpdateRoundId][user]) continue;

            address[] storage _allMarkets = allMarkets;
            for (uint256 j = 0; j < _allMarkets.length; ) {
                address market = _allMarkets[j];
                _executeBoost(user, market);
                _updateScore(user, market);

                unchecked {
                    j++;
                }
            }

            pendingScoreUpdates--;
            isScoreUpdated[nextScoreUpdateRoundId][user] = true;

-            unchecked {
-                i++;
-            }

            emit UserScoreUpdated(user);
        }
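
Review bot: the header increment `++i` in the outer `for` replaces the `unchecked { i++; }` block the original had, so the fix for the `continue` on `isScoreUpdated[nextScoreUpdateRoundId][user]` also makes the counter overflow-checked on every iteration. If the unchecked form is meant to stay, increment before skipping instead, e.g. `if (isScoreUpdated[nextScoreUpdateRoundId][user]) { unchecked { i++; } continue; }`, and leave the trailing block in place. Either way, the inner loop over `_allMarkets` still depends on its end-of-body `j++`, so a comment there warning against adding a `continue` would help, and the change should come with a regression test that passes a `users` array containing an already-updated user.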

Assessed type

Context
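
The loop behaviour described in the proof of concept, as an added Foundry example that is not part of the original submission or the Venus code base. `ScoreLoopModel`, its two functions and the sample addresses are hypothetical stand-ins that keep only the `continue`/increment structure of `updateScores()`; forge-std is assumed to be installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;
import {Test} from "forge-std/Test.sol";

// Hypothetical model of the loop shape in updateScores(); not Venus code.
contract ScoreLoopModel {
    mapping(address => bool) public isScoreUpdated;
    uint256 public pendingScoreUpdates = 2;

    // Original shape: the increment sits at the end of the body, so `continue` skips it.
    function updateScoresOriginal(address[] calldata users) external {
        for (uint256 i = 0; i < users.length; ) {
            if (isScoreUpdated[users[i]]) continue; // i never advances past this user
            pendingScoreUpdates--;
            isScoreUpdated[users[i]] = true;
            unchecked { i++; }
        }
    }

    // Refactored shape: the header increment also runs after `continue`.
    function updateScoresFixed(address[] calldata users) external {
        for (uint256 i = 0; i < users.length; ++i) {
            if (isScoreUpdated[users[i]]) continue;
            pendingScoreUpdates--;
            isScoreUpdated[users[i]] = true;
        }
    }
}

contract ScoreLoopModelTest is Test {
    function _users() internal pure returns (address[] memory users) {
        users = new address[](2);
        users[0] = address(0xA11CE); // constructed sample addresses
        users[1] = address(0xB0B);
    }

    function testOriginalLoopRunsOutOfGasOnRepeatUser() public {
        ScoreLoopModel m = new ScoreLoopModel();
        m.updateScoresOriginal(_users()); // first pass: both users are new, call returns
        bytes memory data = abi.encodeWithSelector(m.updateScoresOriginal.selector, _users());
        (bool ok, ) = address(m).call{gas: 200_000}(data); // gas capped so the spin ends quickly
        assertFalse(ok); // second pass spins on users[0] until the gas is gone
    }

    function testFixedLoopSkipsRepeatUser() public {
        ScoreLoopModel m = new ScoreLoopModel();
        m.updateScoresFixed(_users());
        m.updateScoresFixed(_users()); // both users skipped, call returns
        assertEq(m.pendingScoreUpdates(), 0);
    }
}
```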

#0 - c4-pre-sort

2023-10-05T20:07:07Z

0xRobocop marked the issue as duplicate of #556

#1 - c4-judge

2023-11-01T20:21:52Z

fatherGoose1 marked the issue as satisfactory
