You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Contract the way it's done now could be attacked by creating bunch of small transfers to some account, to the point where that account couldn't claim any of his tokens.
This happens because mint action has to iterate through all the the rows in transfer_ins table in order to calculate the amount of tokens to be claimed. But this can take a lot of time and exceed the max transaction time, if table contains a lot of rows. Attacker could take advantage of that by spamming the table with small transfers.
One potential solution is to create a new action which could claim for each transfer_in individually.
The text was updated successfully, but these errors were encountered:
Contract the way it's done now could be attacked by creating bunch of small transfers to some account, to the point where that account couldn't claim any of his tokens.
This happens because
mint
action has to iterate through all the the rows intransfer_ins
table in order to calculate the amount of tokens to be claimed. But this can take a lot of time and exceed the max transaction time, if table contains a lot of rows. Attacker could take advantage of that by spamming the table with small transfers.One potential solution is to create a new action which could claim for each transfer_in individually.
The text was updated successfully, but these errors were encountered: