Solidity : Costly loop
Overview
Ethereum is a very resource-constrained environment. The price per computational step is orders of magnitude higher than with centralized providers. Moreover, Ethereum miners impose a limit on the total amount of gas consumed in a block. If array.length is large enough, the function exceeds the block gas limit, and transactions calling it will never be confirmed:
    for (uint256 i = 0; i < array.length; i++) {
        costlyFunc();
    }
This becomes a security issue if an external actor influences array.length.
E.g., if array enumerates all registered addresses, an adversary can register many addresses, causing the problem described above.
Vulnerability type by SmartDec classification: Infinite loops.
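The following contract is an added example, not code from the original page or from DerScanner. It places the costly loop over an externally growable array next to a bounded variant that processes a capped number of entries per transaction. The contract name, functions and state variables are all hypothetical, and access control is left out to keep the focus on the loop.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example; the contract and all names in it are hypothetical.
contract Registry {
    address[] public registered;              // grows with every register() call
    mapping(address => bool) public isRegistered;
    mapping(address => uint256) public credit;
    uint256 public cursor;                    // next index for creditBatch()

    // Anyone can append, so an external actor controls registered.length.
    function register() external {
        require(!isRegistered[msg.sender], "already registered");
        isRegistered[msg.sender] = true;
        registered.push(msg.sender);
    }

    // Costly loop: gas grows linearly with registered.length. Once the
    // array is large enough, the call exceeds the block gas limit and
    // can never be confirmed.
    function creditAll(uint256 amount) external {
        for (uint256 i = 0; i < registered.length; i++) {
            credit[registered[i]] += amount;
        }
    }

    // Bounded variant: each call handles at most maxCount entries and
    // stores its position, so gas per transaction is capped by the caller
    // regardless of how large the array has become.
    function creditBatch(uint256 amount, uint256 maxCount) external {
        uint256 end = cursor + maxCount;
        if (end > registered.length) {
            end = registered.length;
        }
        for (uint256 i = cursor; i < end; i++) {
            credit[registered[i]] += amount;
        }
        // Wrap to 0 once the whole array has been processed.
        cursor = (end == registered.length) ? 0 : end;
    }
}
```

With the bounded variant, a large registry costs more transactions to process, but no single call depends on the full array length.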
DerScanner Severity Score: MEDIUM