smartbugs-curated/dataset/denial_of_service/send_loop.sol

29 lines
890 B
Solidity

/*
* @source: https://consensys.github.io/smart-contract-best-practices/known_attacks/#dos-with-unexpected-revert
* @author: ConsenSys Diligence
* @vulnerable_at_lines: 24
* Modified by Bernhard Mueller
*/
pragma solidity 0.4.24;
contract Refunder {
address[] private refundAddresses;
mapping (address => uint) public refunds;
constructor() {
refundAddresses.push(0x79B483371E87d664cd39491b5F06250165e4b184);
refundAddresses.push(0x79B483371E87d664cd39491b5F06250165e4b185);
}
// bad
function refundAll() public {
for(uint x; x < refundAddresses.length; x++) { // arbitrary length iteration based on how many addresses participated
// <yes> <report> DENIAL_OF_SERVICE
require(refundAddresses[x].send(refunds[refundAddresses[x]])); // doubly bad, now a single failure on send will hold up all funds
}
}
}