
Solidity Attack Vector #8: Block Gas Limit

SecurityInfinity Research · 6 min read

Every block in Ethereum has a maximum gas limit. If a transaction requires more gas than the block limit, it can never be executed.

The Vulnerability

If your contract iterates through a dynamically sized array (like a list of all users) to distribute rewards or perform updates, eventually the number of users will grow so large that the function will always exceed the gas limit.

Defense

1. Pull over Push: Let users withdraw their own rewards instead of iterating through a list to send them.

2. Pagination: Allow functions to process the array in small batches.
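
The push loop described above next to both defenses, as an added example that is not code from the original post. The contract, its function names and the fixed REWARD amount are hypothetical, and it assumes the contract holds enough ether to cover the credited rewards.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example; all names are hypothetical. Assumes the contract is funded.
contract RewardDistributor {
    address public immutable owner;
    address[] public users;                  // grows without bound
    mapping(address => uint256) public owed; // pull-payment ledger
    uint256 public cursor;                   // next index for the batched pass
    uint256 public constant REWARD = 0.01 ether;

    constructor() payable { owner = msg.sender; }

    function join() external { users.push(msg.sender); }

    // VULNERABLE (push): gas is linear in users.length. Once the array is
    // large enough, this call needs more gas than a block allows and can
    // never execute again.
    function distributeAll() external {
        require(msg.sender == owner, "not owner");
        for (uint256 i = 0; i < users.length; i++) {
            payable(users[i]).transfer(REWARD);
        }
    }

    // Pagination: each call handles at most maxCount entries, so the caller
    // sizes every transaction to fit under the block gas limit. It credits a
    // ledger instead of sending ether inside the loop.
    function creditBatch(uint256 maxCount) external {
        require(msg.sender == owner, "not owner");
        uint256 end = users.length;
        if (maxCount < end - cursor) end = cursor + maxCount;
        for (uint256 i = cursor; i < end; i++) {
            owed[users[i]] += REWARD;
        }
        cursor = end;
    }

    // Pull: each user withdraws their own balance. Cost is constant and
    // does not depend on how many users exist.
    function withdraw() external {
        uint256 amount = owed[msg.sender];
        require(amount > 0, "nothing owed");
        owed[msg.sender] = 0; // clear before the external call
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

The stored cursor lets a distribution round resume where the previous batch stopped, so no single transaction ever has to walk the whole array.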