How to Report Multiple Instances of an Attack Vector in Base Code?
I have encountered the same attack vector multiple times in a base code. Should I include each instance separately in my report or consolidate them into a single entry? For instance, if I identify a Denial of Service (DOS) attack in three different functions, should I classify these findings as three distinct high-severity issues in my report, or combine them into a single report entry for efficiency and clarity?
Any insights on the best approach for reporting such repeated vulnerabilities would be greatly appreciated. Thank you.
- Security
Answers
Based on the example provided in the `enterRaffle` function, accessing the players' state array could potentially lead to a Denial of Service (DOS) issue. This issue could prevent new players from participating in the raffle, surpassing the gas limit of a block. In such a scenario, it is crucial to address this concern by highlighting that users may encounter difficulties entering the raffle due to a DOS vulnerability within the `enterRaffle` function.
Furthermore, let us consider a hypothetical situation where a similar loop causing a DOS issue exists within the `refund` function. In this case, a distinct issue would arise, emphasizing that users might face obstacles in receiving refunds due to a DOS vulnerability within the `refund` function.
Although both scenarios stem from DOS vulnerabilities, it is essential to differentiate between the issues to effectively address and resolve them.
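The two loops described in the answer above, sketched in Solidity as an added example that is not part of the original answer or of the code base under discussion. The contract names, the `FEE` value, the `slot` mapping and the loop bodies (a duplicate check in `enterRaffle`, a caller lookup in `refund`) are assumptions; the second contract shows one way to bound both paths.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical contracts (added example); loop bodies and FEE are assumptions.
contract RaffleUnbounded {
    uint256 public constant FEE = 0.1 ether; // constructed value
    address[] public players;
    // enterRaffle finding: the scan costs gas proportional to players.length,
    // so once the array is large enough the call exceeds the block gas limit.
    function enterRaffle() external payable {
        require(msg.value == FEE, "fee");
        for (uint256 i = 0; i < players.length; i++) {
            require(players[i] != msg.sender, "duplicate");
        }
        players.push(msg.sender);
    }

    // refund finding: same kind of loop, but here the caller cannot get the fee back.
    function refund() external {
        for (uint256 i = 0; i < players.length; i++) {
            if (players[i] != msg.sender) continue;
            players[i] = address(0);          // state change before the transfer
            (bool ok, ) = msg.sender.call{value: FEE}("");
            require(ok, "send");
            return;
        }
        revert("not a player");
    }
}

// Bounded variant: a 1-based index mapping replaces both scans with one lookup.
contract RaffleIndexed {
    uint256 public constant FEE = 0.1 ether; // constructed value
    address[] public players;
    mapping(address => uint256) private slot; // 0 means "not entered"
    function enterRaffle() external payable {
        require(msg.value == FEE && slot[msg.sender] == 0, "fee or duplicate");
        players.push(msg.sender);
        slot[msg.sender] = players.length;    // index + 1
    }

    function refund() external {
        uint256 s = slot[msg.sender];
        require(s != 0, "not a player");
        delete slot[msg.sender];              // state change before the transfer
        players[s - 1] = address(0);
        (bool ok, ) = msg.sender.call{value: FEE}("");
        require(ok, "send");
    }
}
```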