Unbounded loop vulnerability

Summary

In the liquidateLoanFull function, there is a potential unbounded loop vulnerability when looping through the loanIds array, which could lead to high gas consumption and possible Denial of Service (DoS) attacks.

Vulnerability Detail

The liquidateLoanFull function contains a loop that iterates through the loanIds array. As the size of the array is not bounded, the loop could potentially consume a large amount of gas, making it susceptible to Denial of Service (DoS) attacks.

Impact

This vulnerability could lead to high gas consumption and DoS attacks, potentially impacting the availability and functionality of the platform.

Code Snippet

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L676

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L953

Tool used

Manual Review

Recommendation

Consider implementing a mechanism to limit the number of loans that can be liquidated in a single transaction, such as batching or pagination. This will help reduce the risk of high gas consumption and DoS attacks.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

034.md

034.md

Unbounded loop vulnerability

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Files

034.md

Latest commit

History

034.md

File metadata and controls

Unbounded loop vulnerability

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation