fix: Implement pagination for device retrieval to prevent DoS #18

Open
LSUDOKO wants to merge 1 commit into c2siorg:main from LSUDOKO:fix/unbounded-array-return-pagination
LSUDOKO commented Mar 15, 2026

Description

This Pull Request addresses a Denial of Service (DoS) vulnerability in DeviceRegistry.sol where the getAllDevices function returned an unbounded array.

As the number of registered devices grows, returning the entire array could eventually exceed the Ethereum block gas limit, causing the function to revert. This would make it impossible for applications to retrieve device information.


Changes Made

1. Implemented getDevicesPaginated

Added a new view function that allows callers to retrieve a subset of the registeredDevices array using cursor and count parameters.

2. Safe Indexing

Included validation checks to ensure:

  • The cursor remains within valid bounds
  • The returned array length is properly capped by the total number of registered devices

Impact & Security Gains

  • Prevents gas limit exhaustion when the dataset grows large.
  • Ensures the system remains scalable as the number of registered cameras increases.
  • Provides a reliable and efficient method for frontends and indexers to fetch device lists.

fixes #14
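
A sketch of the cursor/count pagination described in this pull request, added here as an illustration; it is not the code from the PR or from the c2siorg repository. The `address` element type, the `MAX_PAGE_SIZE` cap, the `nextCursor` return value, and the `registerDevice`/`deviceCount` helpers are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration; not the code from this pull request.
/// Element type (address), MAX_PAGE_SIZE and helper names are assumptions.
contract DeviceRegistryPaginationSketch {
    address[] private registeredDevices;

    // Assumed hard cap so a caller cannot request an arbitrarily large page.
    uint256 public constant MAX_PAGE_SIZE = 100;

    // Minimal hook to populate the array; access control is omitted in this sketch.
    function registerDevice(address device) external {
        registeredDevices.push(device);
    }

    function deviceCount() external view returns (uint256) {
        return registeredDevices.length;
    }

    /// @param cursor Index of the first device to return.
    /// @param count  Maximum number of devices requested.
    /// @return page       Slice of registeredDevices starting at cursor.
    /// @return nextCursor Index for the next call; equals the total when done.
    function getDevicesPaginated(uint256 cursor, uint256 count)
        external
        view
        returns (address[] memory page, uint256 nextCursor)
    {
        uint256 total = registeredDevices.length;
        // A cursor at or past the end yields an empty page rather than a revert.
        if (cursor >= total) {
            return (new address[](0), total);
        }
        // Clamp against the remaining items first: computing cursor + count
        // directly could overflow and revert under 0.8 checked arithmetic.
        uint256 remaining = total - cursor;
        uint256 size = count < remaining ? count : remaining;
        if (size > MAX_PAGE_SIZE) size = MAX_PAGE_SIZE;

        page = new address[](size);
        for (uint256 i = 0; i < size; i++) {
            page[i] = registeredDevices[cursor + i];
        }
        nextCursor = cursor + size;
    }
}
```

A caller walks the list by passing the returned `nextCursor` back in until it equals `deviceCount()`.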

Successfully merging this pull request may close these issues.

Unbounded Array Return in getAllDevices (Denial of Service)