Denial of Service Explained in Detail
Denial of service happens when a required action becomes impossible or too expensive to execute. The cause might be a revert, gas limit, unbounded loop, stuck external call, or blocked dependency.
The impact depends on what gets frozen: withdrawals, liquidations, auctions, governance, claims, or upgrades.
Smart contract example
// Pays every user in one transaction; gas cost grows with users.length.
for (uint256 i; i < users.length; i++) {
    pay(users[i]);
}
If users grows too large, the function can exceed the block gas limit.
Denial of Service in Auditing
DoS can freeze funds without directly stealing them. In DeFi, blocked liquidations or withdrawals can still create severe losses.
Auditors look for any single user or state condition that can block global progress.
Red flags in code
- Unbounded loops over users, positions, or rewards.
- Push payments to untrusted recipients.
- Required external calls to contracts that can revert.
- Arrays that only grow and are later fully iterated.
- No pagination, escape hatch, or per-user processing path.
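The red flags above, shown as an added Solidity sketch (not code from the original page): the unbounded push-payment loop beside a paginated crediting function and a per-user pull withdrawal. The contract name, the MAX_BATCH value, and the simplified registration and funding are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: RewardPayout, owed, cursor and MAX_BATCH are hypothetical names.
contract RewardPayout {
    address public immutable owner = msg.sender;
    address[] public users;                  // only grows, like the page's `users`
    mapping(address => uint256) public owed; // per-user balance for the pull path
    uint256 public cursor;                   // next index to credit (single round)
    uint256 public constant MAX_BATCH = 100; // hard cap on iterations per call

    // Simplified: no duplicate check; funding of the contract is out of scope.
    function register() external { users.push(msg.sender); }

    // Red flag: unbounded loop plus push payment. One reverting recipient or a
    // large enough array makes this revert for everyone.
    function payAllUnsafe(uint256 amount) external {
        require(msg.sender == owner, "not owner");
        for (uint256 i; i < users.length; i++) {
            (bool ok, ) = users[i].call{value: amount}("");
            require(ok, "transfer failed");
        }
    }

    // Paginated: credits at most MAX_BATCH users per call and makes no external
    // calls, so gas per call is bounded and no recipient can block progress.
    function creditBatch(uint256 amount, uint256 count) external {
        require(msg.sender == owner, "not owner");
        if (count > MAX_BATCH) count = MAX_BATCH;
        uint256 end = cursor + count;
        if (end > users.length) end = users.length;
        for (uint256 i = cursor; i < end; i++) {
            owed[users[i]] += amount;
        }
        cursor = end;
    }

    // Per-user pull path: a reverting receiver only blocks its own withdrawal.
    function withdraw() external {
        uint256 amount = owed[msg.sender];
        require(amount > 0, "nothing owed");
        owed[msg.sender] = 0; // effects before interaction
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    receive() external payable {}
}
```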
How to test or review it
- Use malicious recipients that revert or consume gas.
- Grow arrays and measure gas at adversarial sizes.
- Test stale states, blocked callbacks, and oversized batches.
- Check whether one account can block everyone.
- Review liquidation, withdrawal, claim, and governance execution paths.
Keep learning this topic
Unbounded Loop
An unbounded loop is a loop whose iteration count can grow with user input or contract state instead of a safe fixed limit.
Gas Griefing
Gas griefing is an attack or failure mode where a caller, receiver, or loop structure causes execution to fail by controlling gas usage.
Push Payment
Push payment is a payout pattern where a contract sends funds to a recipient during another operation.