Platform: Code4rena
Start Date: 09/02/2024
Pot Size: $60,500 USDC
Total HM: 17
Participants: 283
Period: 12 days
Judge:
Id: 328
League: ETH
Rank: 258/283
Findings: 1
Award: $0.23
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: ahmedaghadi
Also found by: 0x13, 0xAleko, 0xDetermination, 0xKowalski, 0xPluto, 0xRiO, 0xvj, AlexCzm, Avci, BARW, BigVeezus, Cryptor, DeFiHackLabs, Draiakoo, Fitro, Giorgio, GoSlang, Greed, Honour, Kalogerone, KmanOfficial, Krace, McToady, MidgarAudits, MrPotatoMagic, Nyxaris, ReadyPlayer2, Ryonen, SovaSlava, SpicyMeatball, VAD37, _eperezok, alexzoid, almurhasan, btk, cu5t0mpeo, deadrxsezzz, djxploit, dvrkzy, emrekocak, erosjohn, evmboi32, fnanni, grearlake, inzinko, jesjupyter, jesusrod15, josephdara, ke1caM, klau5, ktg, ladboy233, merlinboii, nuthan2x, peanuts, pipidu83, pontifex, radev_sw, sl1, sobieski, soliditywala, t0x1c, taner2344, vnavascues, y4y, yovchev_yoan, zaevlad
0.2347 USDC - $0.23
Claiming Rewards can consume too much gas and revert unexpectedly
The function claim rewards allows a user to batch claim rewards for multiple rounds
function claimRewards( string[] calldata modelURIs, string[] calldata modelTypes, uint256[2][] calldata customAttributes ) external { uint256 winnersLength; uint32 claimIndex = 0; uint32 lowerBound = numRoundsClaimed[msg.sender]; for (uint32 currentRound = lowerBound; currentRound < roundId; currentRound++) { numRoundsClaimed[msg.sender] += 1; winnersLength = winnerAddresses[currentRound].length; for (uint32 j = 0; j < winnersLength; j++) { if (msg.sender == winnerAddresses[currentRound][j]) { _fighterFarmInstance.mintFromMergingPool( msg.sender, modelURIs[claimIndex], modelTypes[claimIndex], customAttributes[claimIndex] ); claimIndex += 1; } } } if (claimIndex > 0) { emit Claimed(msg.sender, claimIndex); } }
However, upon closer examination, there are several nested for loops. If the function has not claimed rewards for several rounds, then the function could end up consuming a lot of gas that could reach the gas limit. This is in part because the amount of rounds that has passed and the length of the winners, are unbounded, meaning that the gas consumption will scale depending on the length of these variables.
In addition, the potential for up to 10 fighters to be minted per user exacerbates the problem, making the cost of this transaction more expensive over time.
Manual Review
Rewrite the function so that it consumes less gas
DoS
#0 - c4-pre-sort
2024-02-23T23:39:42Z
raymondfam marked the issue as sufficient quality report
#1 - c4-pre-sort
2024-02-23T23:39:58Z
raymondfam marked the issue as duplicate of #1541
#2 - c4-judge
2024-03-11T13:00:18Z
HickupHH3 marked the issue as duplicate of #216
#3 - c4-judge
2024-03-11T13:07:53Z
HickupHH3 marked the issue as partial-50
#4 - c4-judge
2024-03-21T02:05:46Z
HickupHH3 marked the issue as satisfactory