Harsh Opal Lemur
Medium
Lack of Duplicate Address Check in accounts Array May Lead to Excessive Gas Costs and Potentially Inconsistent State
The setPenaltyPercentages function does not include a mechanism to check for duplicate entries in the accounts array. This lack of duplicate address validation can lead to redundant updates, increased gas consumption, and potential inconsistencies in penalty assignments.
The root cause is the absence of a check in the setPenaltyPercentages function that would prevent duplicate entries in the accounts array. Consequently, the function permits multiple updates to the same address within a single transaction.
function setPenaltyPercentages(
uint256[] memory penaltyPercentages,
address[] memory accounts,
uint256 month
) external {
uint256 monthsPassed = _calculateMonthsPassed();
// Validate the month is within the 6-month vesting period
if (month < monthsPassed || month > AIRDROP_VESTING_DURATION_IN_MONTHS) {
revert OutOfBounds();
}
// Validate the length of the arrays
if (penaltyPercentages.length != accounts.length) {
revert InvalidInputArraysLength();
}
AirdropDistributionStorageV0 storage $ = _airdropDistributionStorageV0();
$.registryAccess.onlyMatchingRole(AIRDROP_PENALTY_OPERATOR_ROLE);
for (uint256 i = 0; i < accounts.length; i++) {
if (penaltyPercentages[i] > BASIS_POINT_BASE) {
revert AmountTooBig();
}
if (penaltyPercentages[i] == $.penaltyPercentageByMonth[accounts[i]][month]) {
revert SameValue();
}
$.penaltyPercentageByMonth[accounts[i]][month] = penaltyPercentages[i];
}
emit PenaltyPercentagesSet(accounts, penaltyPercentages, month);
}The presence of duplicate addresses causes the function to execute redundant operations, leading to significantly higher gas consumption.
Duplicate Address Check:
mapping(address => bool) seenAddresses;
for (uint256 i = 0; i < accounts.length; i++) {
// Check if the address has been seen before
if (seenAddresses[accounts[i]]) {
revert DuplicateAccount();
}
seenAddresses[accounts[i]] = true;
.....
}