users can't cancel reservation due to out-of-gas

mediumCode4rena

Lines of code

https://github.com/code-423n4/2024-10-coded-estate/blob/main/contracts/codedestate/src/execute.rs#L746

Vulnerability details

Description

in execute.rs#cancelreservationafterapprovalforshortterm and execute.rs#cancelreservationafterapprovalforlongterm() , multiple iterations occur over the cancellation vector, which may cause the transaction to fail due to an out-of-gas error.

Consequently, Malicious NFT owners could exploit this by setting a big list inside the cancellation vector by invoking execute.rs#setlistforshorttermrental() or execute.rs#setlistforlongtermrental()

rust
    pub fn setlistforlongtermrental(
    /***CODE***/
        cancellation: Vec<CancellationItem>,
    ) -> Result<Response<C>, ContractError> {
/***CODE***/
token.longterm_rental.cancellation = cancellation;

to force the cancellation of the reservation to fail due to gas limits,

Impact

users can't cancel reservation

Tools Used

Manual Review

Recommended Mitigation Steps

Set a cap for the length of the cancellation vector that owners can set it.

Assessed type

Other

OneBugPerDay.com

To all the whitehats, we salute you

Legal

Advertise with us Privacy Policy Terms of Service Cookie Policy Acceptable Use

Unsubscribe

Unsubscribe from all emails Confirm unsubscribe via code

Subscribe via form Confirm subscription via code Change your Preferences

Made by Alex The Entreprenerd Vulnerabilities database by TinTinWeb