`claim` can run out of gas #633

code423n4 · 2023-01-30T19:03:07Z

Lines of code

https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/Quest.sol#L104

Vulnerability details

Impact

If the claim function runs out of gas, the caller can never claim any rewards without transferring the nfts to another address first

Proof of Concept

Currently, the claim function loops over the msg.senders NFT's. If this list ever becomes too large, the function will run out of gas.

Tools Used

VSCode

Recommended Mitigation Steps

Consider implementing pagination for reward claiming.

The text was updated successfully, but these errors were encountered:

c4-judge · 2023-02-06T23:10:02Z

kirk-baird marked the issue as duplicate of #135

c4-judge · 2023-02-14T09:17:02Z

kirk-baird marked the issue as satisfactory

code423n4 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Jan 30, 2023

code423n4 added a commit that referenced this issue Jan 30, 2023

betweenETHlines issue #633

cf7756e

c4-judge closed this as completed Feb 6, 2023

c4-judge added the duplicate-135 label Feb 6, 2023

c4-judge added the satisfactory satisfies C4 submission criteria; eligible for awards label Feb 14, 2023

c4-judge added duplicate-552 and removed duplicate-135 labels Feb 14, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

`claim` can run out of gas #633

`claim` can run out of gas #633

code423n4 commented Jan 30, 2023

c4-judge commented Feb 6, 2023

c4-judge commented Feb 14, 2023

claim can run out of gas #633

claim can run out of gas #633

Comments

code423n4 commented Jan 30, 2023

Lines of code

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

c4-judge commented Feb 6, 2023

c4-judge commented Feb 14, 2023

`claim` can run out of gas #633

`claim` can run out of gas #633