Smart Contract Auditors Space
FV-SOL-9 Unbounded Loops

TLDR

Loops whose iteration count has no upper bound can exceed the block gas limit, resulting in failed transactions, denial of service, and reduced contract usability.

Code

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract UnboundedLoopExample {
    address public owner;
    address[] public recipients;
    uint256 public rewardAmount = 1 ether;

    constructor() {
        owner = msg.sender;
    }

    // Adds a recipient to the list (for testing)
    function addRecipient(address _recipient) external {
        recipients.push(_recipient);
    }

    // Distributes rewards to all recipients in the array
    function distributeRewards() external {
        require(msg.sender == owner, "Only owner can distribute rewards");

        // Unbounded loop: the iteration count is recipients.length, which any
        // caller can grow via addRecipient. Once the loop's gas cost exceeds the
        // block gas limit, distributeRewards() can never succeed.
        for (uint256 i = 0; i < recipients.length; i++) {
            // Low-level call forwards all remaining gas to each recipient, and the
            // whole transaction reverts if any single transfer fails.
            (bool success, ) = recipients[i].call{value: rewardAmount}("");
            require(success, "Transfer failed");
        }
    }

    // Receive Ether to fund the contract
    receive() external payable {}
}

Classifications

FV-SOL-9-C1 Dynamic Array

FV-SOL-9-C2 Unrestricted Mapping

FV-SOL-9-C3 Recursive Calls

FV-SOL-9-C4 Reentrancy Loops

FV-SOL-9-C5 Nested Loops

Mitigation Patterns

Batch Processing (FV-SOL-9-M1)

Break down large loops into smaller batches, allowing users to process data over multiple transactions rather than a single on

Gas Hard Limit (FV-SOL-9-M2)

Set a gas threshold for loop processing and exit the loop once the remaining gas (gasleft()) falls toward that threshold, persisting progress so the remaining work can be resumed in a later transaction.

Avoid Dynamic Data in Loops (FV-SOL-9-M3)

Limit loop iterations to fixed-size arrays or arrays with capped sizes. Avoid using user-supplied data or dynamic arrays as loop bounds.

Events Instead of Iteration (FV-SOL-9-M4)

In cases where a function needs to notify many users or accounts, consider emitting events and recording per-account balances instead of looping through recipients, allowing each user to handle their own state (for example, by claiming) in a separate transaction.
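As an added example (not code from the original page), the reward distribution from the Code section reworked to apply the mitigation patterns above: a persisted cursor and caller-supplied batch size (FV-SOL-9-M1, FV-SOL-9-M3), a gasleft() reserve that stops the loop before the transaction runs out of gas (FV-SOL-9-M2), and a pull-based claim with an event instead of an external call per iteration (FV-SOL-9-M4). The contract, function and constant names, and the GAS_RESERVE value, are hypothetical choices for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: the same distribution with bounded per-transaction work.
// Names and the gas reserve value are assumptions, not from the original page.
contract BoundedRewardDistribution {
    address public owner;
    address[] public recipients;
    uint256 public rewardAmount = 1 ether;

    // FV-SOL-9-M1: cursor into `recipients`, persisted across transactions
    uint256 public nextIndex;

    // FV-SOL-9-M2: stop processing once remaining gas drops below this reserve.
    // Illustrative value; it must cover one more iteration plus the storage
    // writes after the loop.
    uint256 public constant GAS_RESERVE = 60_000;

    // FV-SOL-9-M4: pull-pattern state and notification event
    mapping(address => uint256) public claimable;
    event RewardAllocated(address indexed recipient, uint256 amount);

    modifier onlyOwner() {
        require(msg.sender == owner, "Only owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Only the owner may grow the array, so its length is no longer attacker-controlled.
    function addRecipient(address _recipient) external onlyOwner {
        recipients.push(_recipient);
    }

    // M1 + M2 + M3: process at most `maxIterations` recipients per call and
    // bail out early when gas runs low. Progress survives in `nextIndex`, so
    // the owner repeats the call until it returns true.
    function distributeBatch(uint256 maxIterations) external onlyOwner returns (bool finished) {
        uint256 i = nextIndex;
        uint256 end = i + maxIterations;
        if (end > recipients.length) end = recipients.length;

        while (i < end && gasleft() > GAS_RESERVE) {
            // M4: credit the recipient instead of calling it; no external call
            // inside the loop, so one bad recipient cannot revert the batch.
            address r = recipients[i];
            claimable[r] += rewardAmount;
            emit RewardAllocated(r, rewardAmount);
            unchecked { ++i; }
        }

        nextIndex = i;
        finished = (i == recipients.length);
        if (finished) nextIndex = 0; // reset the cursor for the next round
    }

    // M4: each recipient withdraws in its own transaction. A reverting or
    // gas-hungry recipient only blocks itself.
    function claim() external {
        uint256 amount = claimable[msg.sender];
        require(amount > 0, "Nothing to claim");
        claimable[msg.sender] = 0; // effects before interaction
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "Transfer failed");
    }

    // Receive Ether to fund the contract
    receive() external payable {}
}
```

The owner calls distributeBatch(n) repeatedly until it returns true; each call touches at most n recipients and never does more than GAS_RESERVE-bounded work past the point where gas runs low. Because the loop body only writes storage and emits an event, its per-iteration cost is predictable, which is what makes the reserve meaningful.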

Actual Occurrences

Content

https://solodit.cyfrin.io/issues/h-04-unbounded-loop-in-_removenft-could-lead-to-a-griefingdos-attack-code4rena-visor-visor-contest-git

Last updated 6 months ago