Private Club

Idea

The essence of this chall is the "block gas limit" DoS part. There are two things to mention:

  1. I thought repeatedly calling addMemberByAdmin() could achieve DoS, but that is not true. You will end up with a huge dynamic array, which costs too much gas on further push() operations when user4 calls becomeMember(). This is because gas usage grows exponentially when you access a huge index in an array; that's how the EVM was designed, to discourage the use of huge arrays. In fact, we should keep calling becomeMember() to achieve DoS, since it uses a low-level call, which is expensive.

  2. Remember to include gas: blockGasLimit when you call becomeMember(). We are simulating DoS, not achieving actual DoS. We can't achieve the real DoS, since user4 still needs to call becomeMember() and we don't want that call to revert.
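
The general pattern behind a block-gas-limit DoS, and the usual fix, as an added example that is not the challenge's source or part of the original write-up. The contract names, join(), withdraw() and the 1 ether fee are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical contracts for illustration; names and fee are assumptions.

// Push payments: joining pays every existing member in a loop, so the gas
// needed to join grows with membership until it exceeds the block gas limit.
contract PushClub {
    uint256 public constant FEE = 1 ether;
    address[] public members;

    function join() external payable {
        require(msg.value == FEE * members.length, "wrong fee");
        for (uint256 i = 0; i < members.length; i++) {
            // One external call per member: unbounded work in one transaction.
            (bool ok, ) = payable(members[i]).call{value: FEE}("");
            require(ok, "payout failed");
        }
        members.push(msg.sender);
    }
}

// Pull payments: joining does a fixed amount of work and each member
// withdraws their own share, so no caller pays for the whole list.
contract PullClub {
    uint256 public constant FEE = 1 ether;
    uint256 public memberCount;
    uint256 public paidPerMember; // cumulative FEE credited to each existing member
    mapping(address => bool) public isMember;
    mapping(address => uint256) private baseline; // paidPerMember at join or last withdrawal

    function join() external payable {
        require(!isMember[msg.sender], "already a member");
        require(msg.value == FEE * memberCount, "wrong fee");
        if (memberCount > 0) paidPerMember += FEE; // credit FEE to each existing member
        isMember[msg.sender] = true;
        baseline[msg.sender] = paidPerMember; // the joiner earns nothing from their own fee
        memberCount += 1;
    }

    function withdraw() external {
        require(isMember[msg.sender], "not a member");
        uint256 owed = paidPerMember - baseline[msg.sender];
        baseline[msg.sender] = paidPerMember; // effects before interaction
        (bool ok, ) = payable(msg.sender).call{value: owed}("");
        require(ok, "withdraw failed");
    }
}
```

In PullClub a failing or expensive recipient only affects its own withdraw(), so membership size no longer determines whether join() fits in a block.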

The rest of this chall is easy enough.

PoC
