Unbounded Loop Explained in Detail
An unbounded loop has no safe maximum iteration count. It may loop over all users, all positions, all markets, or all rewards.
As the list grows, the function can become too expensive to execute.
Smart contract example
    for (uint256 i; i < users.length; i++) {
        distribute(users[i]);
    }
This is risky if anyone can make users.length grow without a strict cap.
Unbounded Loop in Auditing
Unbounded loops are a common denial-of-service pattern. They can work in testing with a few users and fail in production with thousands.
Auditors check whether critical actions scale with global state.
Red flags in code
- Loops over all users, NFTs, positions, validators, or proposals.
- Nested loops over dynamic arrays.
- On-chain sorting or deletion by full-array scan.
- Calldata arrays are accepted without length caps.
- Claims or liquidations require processing unrelated users.
How to test or review it
- Measure gas as array sizes grow.
- Fuzz maximum input lengths.
- Look for pagination, checkpoints, mappings, or per-user accounting.
- Test whether one user can bloat shared state.
- Review admin and emergency functions too, not only public user flows.
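What pagination, a checkpoint, and per-user accounting look like when they replace the full-array loop, as an added example that is not code from the original page. The contract name RewardPool and the names MAX_BATCH, cursor, owed, register, distributeBatch and claim are assumptions made for illustration, as is paying rewards in ETH.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example; RewardPool, MAX_BATCH, cursor and owed are assumed names.
contract RewardPool {
    uint256 public constant MAX_BATCH = 100;  // strict cap on iterations per call
    address public immutable owner;
    address[] public users;                   // grows via register(), open to anyone
    mapping(address => bool) public registered;
    mapping(address => uint256) public owed;  // per-user accounting
    uint256 public cursor;                    // checkpoint into users[]

    constructor() { owner = msg.sender; }

    function register() external {
        require(!registered[msg.sender], "already registered");
        registered[msg.sender] = true;
        users.push(msg.sender);
    }

    // Bounded replacement for the full-array loop: at most MAX_BATCH entries
    // per call, resuming from the stored cursor on the next call.
    function distributeBatch(uint256 amountEach, uint256 n) external returns (bool done) {
        require(msg.sender == owner, "not owner");
        require(n > 0 && n <= MAX_BATCH, "bad batch size");
        uint256 end = cursor + n;
        if (end > users.length) end = users.length;
        for (uint256 i = cursor; i < end; i++) {
            owed[users[i]] += amountEach;     // credit only, no external call in the loop
        }
        done = (end == users.length);
        cursor = done ? 0 : end;              // wrap for the next round
    }

    // Pull payment: each user pays gas for their own claim only, so one
    // failing or expensive receiver cannot block anyone else.
    function claim() external {
        uint256 amount = owed[msg.sender];
        require(amount > 0, "nothing owed");
        owed[msg.sender] = 0;                 // effects before interaction
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "transfer failed");
    }

    receive() external payable {}             // pool funding (assumed to be ETH)
}
```

The per-call cost of distributeBatch is bounded by MAX_BATCH regardless of how large users grows, and claim never touches another user's state.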
Keep learning this topic
Denial of Service
Denial of service is a bug or attack that makes a contract function or protocol path unusable.
Gas Griefing
Gas griefing is an attack or failure mode where a caller, receiver, or loop structure causes execution to fail by controlling gas usage.
Mapping
A mapping is a Solidity key-value storage structure that returns a default value for keys that have never been written.