Ethereum is a very resource-constrained environment. Prices per computational step are orders of magnitude higher than with centralized providers. Moreover, Ethereum miners impose a limit on the total number of gas consumed in a block. If array.length is large enough, the function exceeds the block gas limit, and transactions calling it will never be confirmed:

for (uint256 i = 0; i < array.length ; i++) {
    cosltyFunc();
}

This becomes a security issue, if an external actor influences array.length. E.g., if array enumerates all registered addresses, an adversary can register many addresses, causing the problem described above.

Vulnerability type by SmartDec classification: Infinite loops.

Solidity : Costly loop

DerScanner Severity Score

Do you want to fix Solidity : Costly loop in your application?

See also