Denial of Service Risk due to Unbounded Loop in Raffle Registration
register() iterates an unbounded loop driven by user input _amount with no upper cap, allowing a caller to push gas usage past the block limit and DoS the registration path.
Description
The register function in the MonadexV1Raffle contract contains an unbounded loop that poses a Denial of Service (DoS) risk.
The number of loop iterations is directly controlled by the user input _amount, without an upper bound. This could allow a malicious user or even a legitimate user to force the function to exceed the block gas limit, causing a Denial of Service.
Impact
- Denial of Service: A user can submit a transaction with a very large _amount, causing the function to consume excessive gas; execution then halts at the gas limit and the transaction reverts.
- Contract Lockup: If the registration period is time-sensitive, this vulnerability could prevent legitimate users from registering before the deadline.
- Economic Damage: Failed transactions due to out-of-gas errors result in lost gas fees for users attempting to register.
Recommendation
Implement a maximum limit on the number of slots that can be registered in a single transaction:
    uint256 constant MAX_SLOTS_PER_TRANSACTION = 1000; // Adjust based on gas analysis

    function register(uint256 _amount) external notZero(_amount) returns (uint256) {
        // ... (existing checks)
        uint256 slotsToOccupy = _amount / RANGE_SIZE;
        require(slotsToOccupy <= MAX_SLOTS_PER_TRANSACTION, "Exceeds max slots per transaction");
        // ... (rest of the function)
    }
This mitigation prevents potential DoS attacks by limiting the loop's maximum iterations, ensuring the function's gas consumption remains within acceptable limits.
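As an added illustration (constructed here, not code from the MonadexV1Raffle contract), a minimal raffle that shows the unbounded loop shape next to the capped register() described in the recommendation. The value of RANGE_SIZE, the slot storage layout and the helper functions are assumptions; only register, _amount, notZero, RANGE_SIZE and MAX_SLOTS_PER_TRANSACTION come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example, not MonadexV1Raffle: one slot is occupied per
// RANGE_SIZE units of _amount, and each slot costs a storage write.
contract RaffleRegistrationExample {
    uint256 public constant RANGE_SIZE = 1e18;                // assumed slot size
    uint256 public constant MAX_SLOTS_PER_TRANSACTION = 1000; // tune via gas analysis

    address[] private s_slotOwners;              // one entry per occupied slot (assumed)
    mapping(address => uint256) public slotsOf;  // slots held per registrant (assumed)

    modifier notZero(uint256 _amount) {
        require(_amount != 0, "amount is zero");
        _;
    }

    // Vulnerable shape: the iteration count is _amount / RANGE_SIZE with no
    // upper bound, so a large _amount pushes gas past the block limit and the
    // call reverts instead of registering anything.
    function registerUnbounded(uint256 _amount) external notZero(_amount) returns (uint256) {
        uint256 slotsToOccupy = _amount / RANGE_SIZE;
        for (uint256 i = 0; i < slotsToOccupy; ++i) {
            s_slotOwners.push(msg.sender);
        }
        slotsOf[msg.sender] += slotsToOccupy;
        return slotsToOccupy;
    }

    // Hardened shape: reject oversized requests before entering the loop so
    // the worst-case gas cost of one call is fixed by MAX_SLOTS_PER_TRANSACTION.
    function register(uint256 _amount) external notZero(_amount) returns (uint256) {
        uint256 slotsToOccupy = _amount / RANGE_SIZE;
        require(slotsToOccupy != 0, "amount below one slot");
        require(slotsToOccupy <= MAX_SLOTS_PER_TRANSACTION, "Exceeds max slots per transaction");
        for (uint256 i = 0; i < slotsToOccupy; ++i) {
            s_slotOwners.push(msg.sender);
        }
        slotsOf[msg.sender] += slotsToOccupy;
        return slotsToOccupy;
    }

    function slotCount() external view returns (uint256) {
        return s_slotOwners.length;
    }
}
```

A caller needing more than MAX_SLOTS_PER_TRANSACTION slots can split the purchase across several transactions, each with a bounded gas cost.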