-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unbounded loop when claiming the NFT reward #135
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
duplicate-552
satisfactory
satisfies C4 submission criteria; eligible for awards
Comments
code423n4
added
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
labels
Jan 27, 2023
c4-judge
added
the
primary issue
Highest quality submission among a set of duplicates
label
Feb 5, 2023
kirk-baird marked the issue as primary issue |
This was referenced Feb 5, 2023
DOS risk if enough tokens are minted in Quest.claim can lead, at least, to transaction fee lost
#552
Open
waynehoover marked the issue as disagree with severity |
c4-sponsor
added
the
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
label
Feb 7, 2023
Same comment as #403 (comment) |
kirk-baird marked the issue as satisfactory |
c4-judge
added
the
satisfactory
satisfies C4 submission criteria; eligible for awards
label
Feb 14, 2023
c4-judge
added
duplicate-552
and removed
primary issue
Highest quality submission among a set of duplicates
labels
Feb 14, 2023
kirk-baird marked issue #552 as primary and marked this issue as a duplicate of 552 |
Discussion about severity can be seen in #403 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
duplicate-552
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/Quest.sol#L99
Vulnerability details
Impact
Unbounded loop when claiming the NFT reward.
Proof of Concept
The code contains two unbounded loop that can consume all gas and revert the tranasction when claming the reward
The first one is:
iterate over the nft owned by msg.sender given the questId,
the owner coulld have 10 NFT but purchase 100 NFT, the loop needs to run 110 times.
The second unbounded loop is when we mark all NFT as used, the same amout of loop needs to run again.
_setClaimed(tokens);
Which can be very gas costly.
Tools Used
Manual Review
Recommended Mitigation Steps
We recommend the protocol set upper limit for the generated and claimable NFT number
The text was updated successfully, but these errors were encountered: