Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

apegurus/dos-gas-limit

Name: dos-gas-limit
Author: apegurus

skills/vulnerability-patterns/dos-gas-limit/SKILL.md

npx skillsauth add apegurus/solidity-argus dos-gas-limit

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

DoS with Block Gas Limit

Preconditions

Contract iterates over a dynamic array or mapping whose size can grow unboundedly
The iteration must complete in a single transaction (no batching/pagination)
OR: time-sensitive logic where block stuffing by an attacker can delay transaction inclusion

Vulnerable Pattern

address[] public recipients;

function addRecipient(address r) external {
    recipients.push(r); // Array grows without bound
}

// Push-payment: one tx must process all recipients
function distributeRewards() external {
    for (uint256 i = 0; i < recipients.length; i++) {
        // When recipients.length grows large enough,
        // this loop exceeds block gas limit and ALWAYS reverts
        payable(recipients[i]).transfer(reward);
    }
}

Detection Heuristics

Identify all loops (for, while) in the codebase
For each loop, check if the iteration count depends on a dynamic array or storage structure that can grow over time
If the loop is unbounded and must complete in a single transaction, flag it — it will eventually exceed the block gas limit
Check if the function supports batching or pagination (e.g., startIndex, batchSize parameters) — if not, flag it
For time-sensitive functions (auctions, deadlines, liquidations), check if an attacker could stuff blocks with high-gas transactions to delay inclusion

False Positives

Loop iterates over a fixed-size or bounded array (e.g., uint256[10], array with a capped maxLength)
Function supports paginated/batched execution across multiple transactions
Loop iteration count is controlled by the caller (e.g., batch size parameter with reasonable max)
The array is admin-only appendable and has a practical maximum

Remediation

Replace push-payment (contract sends to all) with pull-payment (recipients withdraw individually)
If iteration is unavoidable, add batching/pagination with startIndex and batchSize parameters
Cap array sizes with a maximum length check on push operations
For time-sensitive logic, avoid designs where block stuffing can be profitable

// Pull-payment pattern
mapping(address => uint256) public pendingWithdrawals;

function claimReward() external {
    uint256 amount = pendingWithdrawals[msg.sender];
    pendingWithdrawals[msg.sender] = 0;
    payable(msg.sender).transfer(amount);
}

apegurus/dos-gas-limit

skills/vulnerability-patterns/dos-gas-limit/SKILL.md

- Contract iterates over a dynamic array or mapping whose size can grow unboundedly

tools

Updated May 13, 2026

$ install --global

skillsauth

npx skillsauth add apegurus/solidity-argus dos-gas-limit

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 13, 2026, 3:25 AM133.6s1 file scanned

SKILL.md

name:: dos-gas-limit
description:: Loop bounded by dynamic length may become unexecutable at scale
pattern_category:: dos
- regex:: for\s*\([^)]*\.length
severity:: Medium
confidence:: Low
swc:: SWC-128

DoS with Block Gas Limit

Preconditions

Contract iterates over a dynamic array or mapping whose size can grow unboundedly
The iteration must complete in a single transaction (no batching/pagination)
OR: time-sensitive logic where block stuffing by an attacker can delay transaction inclusion

Vulnerable Pattern

address[] public recipients;

function addRecipient(address r) external {
    recipients.push(r); // Array grows without bound
}

// Push-payment: one tx must process all recipients
function distributeRewards() external {
    for (uint256 i = 0; i < recipients.length; i++) {
        // When recipients.length grows large enough,
        // this loop exceeds block gas limit and ALWAYS reverts
        payable(recipients[i]).transfer(reward);
    }
}

Detection Heuristics

Identify all loops (for, while) in the codebase
For each loop, check if the iteration count depends on a dynamic array or storage structure that can grow over time
If the loop is unbounded and must complete in a single transaction, flag it — it will eventually exceed the block gas limit
Check if the function supports batching or pagination (e.g., startIndex, batchSize parameters) — if not, flag it
For time-sensitive functions (auctions, deadlines, liquidations), check if an attacker could stuff blocks with high-gas transactions to delay inclusion

False Positives

Loop iterates over a fixed-size or bounded array (e.g., uint256[10], array with a capped maxLength)
Function supports paginated/batched execution across multiple transactions
Loop iteration count is controlled by the caller (e.g., batch size parameter with reasonable max)
The array is admin-only appendable and has a practical maximum

Remediation

Replace push-payment (contract sends to all) with pull-payment (recipients withdraw individually)
If iteration is unavoidable, add batching/pagination with startIndex and batchSize parameters
Cap array sizes with a maximum length check on push operations
For time-sensitive logic, avoid designs where block stuffing can be profitable

// Pull-payment pattern
mapping(address => uint256) public pendingWithdrawals;

function claimReward() external {
    uint256 amount = pendingWithdrawals[msg.sender];
    pendingWithdrawals[msg.sender] = 0;
    payable(msg.sender).transfer(amount);
}

Related Skills

apegurus/vector-scan

testing

VerifiedTrustedCommunity

Specialist profile for mechanically applying the attack-vector deck and classifying vectors as skip, drop, or investigate.

SKILL.mdUpdated May 30, 2026

apegurus/periphery

tools

VerifiedTrustedCommunity

Specialist profile for libraries, helpers, base contracts, adapters, encoders, wrappers, and integration glue.

SKILL.mdUpdated May 30, 2026

apegurus/math-precision

testing

VerifiedTrustedCommunity

Specialist profile for rounding, scale, decimal, downcast, and arithmetic accounting edge cases.

SKILL.mdUpdated May 30, 2026

apegurus/math-precision

apegurus/invariant

testing

VerifiedTrustedCommunity

Specialist profile for extracting conservation laws and state couplings, then searching for violating paths.

SKILL.mdUpdated May 30, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/apegurus/solidity-argus.git

# Copy into Claude Code skills folder (global)
cp -r solidity-argus/skills/vulnerability-patterns/dos-gas-limit ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

apegurus/solidity-argus

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT