How to Report Multiple Instances of an Attack Vector in Base Code?
I have encountered the same attack vector multiple times in a base code. Should I include each instance separately in my report or consolidate them into a single entry? For instance, if I identify a Denial of Service (DOS) attack in three different functions, should I classify these findings as three distinct high-severity issues in my report, or combine them into a single report entry for efficiency and clarity?
Any insights on the best approach for reporting such repeated vulnerabilities would be greatly appreciated. Thank you.
- Security
Answers
Based on the example provided in the enterRaffle function, accessing the players' state array could potentially lead to a Denial of Service (DOS) issue. This issue could prevent new players from participating in the raffle, surpassing the gas limit of a block. In such a scenario, it is crucial to address this concern by highlighting that users may encounter difficulties entering the raffle due to a DOS vulnerability within the enterRaffle function.
Furthermore, let us consider a hypothetical situation where a similar loop causing a DOS issue exists within the refund function. In this case, a distinct issue would arise, emphasizing that users might face obstacles in receiving refunds due to a DOS vulnerability within the refund function.
Although both scenarios stem from DOS vulnerabilities, it is essential to differentiate between the issues to effectively address and resolve them.
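The two findings described in the answer above, sketched in Solidity as an added example (not code from the original post or from the contract under review). Only the names enterRaffle, refund and the players array come from the answer; the contract names, the fixed FEE and the mapping-based variant are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical contracts: only enterRaffle, refund and the players array are
// named in the answer; FEE and everything else here is assumed.
contract RaffleWithLoops {
    uint256 public constant FEE = 0.1 ether;
    address[] public players; // grows with every entrant

    // Finding 1: the duplicate check scans every player, so gas grows with
    // players.length until the call exceeds the block gas limit: no new entries.
    function enterRaffle() external payable {
        require(msg.value == FEE, "wrong fee");
        for (uint256 i = 0; i < players.length; i++) {
            require(players[i] != msg.sender, "duplicate");
        }
        players.push(msg.sender);
    }

    // Finding 2 (the answer's hypothetical): same loop, but refunds are blocked.
    function refund() external {
        for (uint256 i = 0; i < players.length; i++) {
            if (players[i] == msg.sender) {
                players[i] = address(0); // effects before interaction
                (bool ok, ) = msg.sender.call{value: FEE}("");
                require(ok, "transfer failed");
                return;
            }
        }
        revert("not entered");
    }
}

// Remediation sketch: constant-cost lookups remove the loop from both paths.
contract RaffleWithMapping {
    uint256 public constant FEE = 0.1 ether;
    mapping(address => bool) public entered;
    function enterRaffle() external payable {
        require(msg.value == FEE, "wrong fee");
        require(!entered[msg.sender], "duplicate");
        entered[msg.sender] = true;
    }

    function refund() external {
        require(entered[msg.sender], "not entered");
        entered[msg.sender] = false; // effects before interaction
        (bool ok, ) = msg.sender.call{value: FEE}("");
        require(ok, "transfer failed");
    }
}
```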
Cyfrin Updraft is an education platform specializing in teaching the next generation of smart contract developers.