Denial of Service (DoS)

A denial-of-service (DoS) vulnerability lets an attacker make a contract, or one of its critical functions, unusable, either permanently or until some privileged party intervenes. In smart contracts the most common DoS patterns are a loop that has grown past the block gas limit, an external call that a malicious recipient can force to revert, and a privileged action that depends on a single key that can be lost or compromised.

Common DoS patterns

1. Revert-based DoS (blocking push payments)

// VULNERABLE — pushes ETH to every user in one transaction; one bad recipient blocks all
address[] public users;
mapping(address => uint) public rewards;

function distributeRewards() public {
    for (uint i = 0; i < users.length; i++) {
        // transfer() forwards 2300 gas and reverts on failure, so a single
        // recipient whose receive() reverts (or needs more gas) reverts the
        // whole loop and nobody gets paid
        payable(users[i]).transfer(rewards[users[i]]);
    }
}

// Attacker gets a contract into `users` whose receive() always reverts:
receive() external payable { revert(); }
// distributeRewards() now reverts for everyone, and stays bricked until the
// attacker's address can be removed from `users` (if the contract allows that at all)

Safe pattern (pull over push)

// SAFE — each user claims their own reward (pull over push)
mapping(address => uint) public pendingRewards;

function claimReward() public {
    uint amount = pendingRewards[msg.sender];
    // Checks-effects-interactions: zero the balance before the external call
    // so a reentrant claimReward() sees nothing left to pay
    pendingRewards[msg.sender] = 0;
    (bool ok,) = msg.sender.call{value: amount}("");
    require(ok, "Transfer failed");
    // If the call reverts, only this claimer's transaction fails;
    // every other user can still claim
}
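Pull payments fix the blocking problem but push every user into making a claim transaction. A middle ground, shown here as an added example that is not code from the original page, is to keep the push loop but make a failed push non-fatal: each recipient gets a capped amount of gas, and if the call fails the amount is credited to a pull balance instead of reverting the loop. The contract and event names (HybridDistributor, Griefer, RewardsPaid, RewardsDeferred) and the 30000 gas cap are illustrative choices, not anything the page specifies.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hybrid push/pull distributor (added example). A recipient that reverts,
/// or burns more than PUSH_GAS, only defers its own payment to pendingRewards.
contract HybridDistributor {
    address[] public users;
    mapping(address => uint256) public rewards;         // amount owed per user
    mapping(address => uint256) public pendingRewards;  // deferred, claimable by pull
    uint256 public constant PUSH_GAS = 30000;           // hard cap on gas forwarded per push

    event RewardsPaid(address indexed user, uint256 amount);
    event RewardsDeferred(address indexed user, uint256 amount);

    // Recipients and amounts are fixed at deployment for this example;
    // the deployer funds the contract with msg.value.
    constructor(address[] memory _users, uint256[] memory _amounts) payable {
        require(_users.length == _amounts.length, "length mismatch");
        users = _users;
        for (uint256 i = 0; i < _users.length; i++) {
            rewards[_users[i]] = _amounts[i];
        }
    }

    /// Push to everyone, but never let one recipient block the rest.
    function distributeRewards() external {
        for (uint256 i = 0; i < users.length; i++) {
            address user = users[i];
            uint256 amount = rewards[user];
            if (amount == 0) continue;
            rewards[user] = 0; // effect before interaction: no double pay via reentrancy
            // Gas cap bounds how much a hostile recipient can make this loop spend
            (bool ok,) = user.call{value: amount, gas: PUSH_GAS}("");
            if (ok) {
                emit RewardsPaid(user, amount);
            } else {
                pendingRewards[user] += amount; // recipient must pull it later
                emit RewardsDeferred(user, amount);
            }
        }
    }

    /// Pull path for anyone whose push failed (same pattern as claimReward above).
    function claimReward() external {
        uint256 amount = pendingRewards[msg.sender];
        require(amount > 0, "nothing to claim");
        pendingRewards[msg.sender] = 0;
        (bool ok,) = msg.sender.call{value: amount}("");
        require(ok, "Transfer failed");
    }
}

/// Griefer whose receive() reverts. Against the original transfer() loop it
/// bricks distributeRewards(); against HybridDistributor it only forfeits the
/// push and has to call claimReward() itself.
contract Griefer {
    receive() external payable { revert("no thanks"); }
}
```

Deploy HybridDistributor with a Griefer address in the user list and call distributeRewards(): the transaction succeeds, every honest user is paid, and the Griefer's amount shows up in pendingRewards. Two caveats: the loop is still unbounded over `users`, which is the gas-limit problem in the next item, and the gas cap means smart-contract wallets that need more than 30000 gas in receive() will be deferred rather than paid directly, which is acceptable only because the pull path exists.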

2. Gas limit DoS (unbounded loops)

// VULNERABLE — loop over an array that anyone can grow
address[] public allUsers;
mapping(address => uint) public balances;

function clearAll() public {
    for (uint i = 0; i < allUsers.length; i++) {
        delete balances[allUsers[i]];
    }
    // Gas cost grows linearly with allUsers.length. If registration is open,
    // an attacker can push thousands of addresses until clearAll() needs more
    // gas than a single block provides, and from then on it can never complete
}
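The page gives no safe counterpart for clearAll(), so the following is an added example (not code from the original page) of the bounded-iteration fix: work is processed in batches of at most `maxItems` entries per transaction, the array is drained by popping from the end so there is never an O(n) `delete allUsers`, and registration is frozen during cleanup so an attacker cannot keep refilling the list faster than it drains. The contract name PaginatedRegistry, the owner gate, and the registration fee are illustrative assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Bounded-iteration cleanup (added example). clearBatch() can be called as
/// many times as needed, each call staying well under the block gas limit.
contract PaginatedRegistry {
    address public owner;
    address[] public allUsers;
    mapping(address => uint256) public balances;
    bool public clearing;                                   // registration is frozen while true
    uint256 public constant REGISTRATION_FEE = 0.01 ether;  // flooding the list costs real ETH

    event ClearProgress(uint256 remaining);

    constructor() { owner = msg.sender; }

    function register() external payable {
        require(!clearing, "cleanup in progress");
        require(msg.value == REGISTRATION_FEE, "wrong fee");
        if (balances[msg.sender] == 0) allUsers.push(msg.sender); // no duplicate entries
        balances[msg.sender] += msg.value;
    }

    /// Freeze registrations so the list can only shrink until cleanup finishes.
    function startClear() external {
        require(msg.sender == owner, "not owner");
        clearing = true;
    }

    /// Process at most `maxItems` entries. Pops from the end so the array
    /// shrinks in place; returns how many entries are still left.
    function clearBatch(uint256 maxItems) external returns (uint256 remaining) {
        require(clearing, "not clearing");
        uint256 n = allUsers.length < maxItems ? allUsers.length : maxItems;
        for (uint256 i = 0; i < n; i++) {
            address user = allUsers[allUsers.length - 1];
            delete balances[user];
            allUsers.pop();
        }
        remaining = allUsers.length;
        if (remaining == 0) clearing = false; // cleanup complete, registration reopens
        emit ClearProgress(remaining);
    }
}
```

An off-chain script calls clearBatch(200) in a loop until the returned `remaining` is zero. The batch size is the caller's choice per call, so it can be tuned to the current block gas limit without redeploying; the same cursor-or-pop structure applies to any loop over user-controlled data (refund runs, liquidation sweeps, snapshot computations).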

3. Owner DoS (single point of failure)

If a contract requires the owner's approval for critical actions (withdrawals, upgrades, unpausing) and the owner key is lost, or the owner address is compromised or simply stops responding, those actions can never happen and the contract is frozen. The attacker here need not be an outsider: a single privileged key is itself the failure mode.
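As an added example (not code from the original page), the vault below removes the single point of failure in two ways that the prevention list touches on: approvals come from a k-of-n approver set rather than one owner key, and a request that gathers no approvals within a timeout can be executed anyway, so approvers can delay a withdrawal but never block it. Only the requester's own deposited funds can be withdrawn, which is what makes the timeout safe. The names ResilientVault, requestWithdraw, approve, execute and the 7-day TIMEOUT are illustrative assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Owner-gated withdrawals without a single point of failure (added example).
contract ResilientVault {
    struct Request {
        address to;
        uint256 amount;
        uint256 createdAt;
        uint256 approvals;
        bool executed;
    }

    address[] public approvers;
    mapping(address => bool) public isApprover;
    uint256 public immutable threshold;        // k of n approvers must sign off
    uint256 public constant TIMEOUT = 7 days;  // escape hatch if approvers go silent

    mapping(address => uint256) public deposits;
    Request[] public requests;
    mapping(uint256 => mapping(address => bool)) public approved; // request id => approver => voted

    constructor(address[] memory _approvers, uint256 _threshold) {
        require(_threshold > 0 && _threshold <= _approvers.length, "bad threshold");
        for (uint256 i = 0; i < _approvers.length; i++) {
            require(!isApprover[_approvers[i]], "duplicate approver");
            isApprover[_approvers[i]] = true;
        }
        approvers = _approvers;
        threshold = _threshold;
    }

    function deposit() external payable {
        deposits[msg.sender] += msg.value;
    }

    /// Reserve the amount now so the same funds cannot be requested twice.
    function requestWithdraw(uint256 amount) external returns (uint256 id) {
        require(deposits[msg.sender] >= amount, "insufficient deposit");
        deposits[msg.sender] -= amount;
        requests.push(Request(msg.sender, amount, block.timestamp, 0, false));
        return requests.length - 1;
    }

    function approve(uint256 id) external {
        require(isApprover[msg.sender], "not an approver");
        require(!approved[id][msg.sender], "already approved");
        approved[id][msg.sender] = true;
        requests[id].approvals += 1;
    }

    /// Executable once the threshold is met OR the timeout has elapsed.
    /// A lost or hostile approver key can therefore delay, but never freeze, funds.
    function execute(uint256 id) external {
        Request storage r = requests[id];
        require(!r.executed, "already executed");
        bool enoughApprovals = r.approvals >= threshold;
        bool timedOut = block.timestamp >= r.createdAt + TIMEOUT;
        require(enoughApprovals || timedOut, "not yet approved");
        r.executed = true; // effect before the external call
        (bool ok,) = r.to.call{value: r.amount}("");
        require(ok, "transfer failed");
    }
}
```

The timeout is the part to think hardest about: it trades a 7-day delay for the guarantee that no set of lost keys can lock deposits forever. Whether that trade is right depends on what the approvers are meant to catch; for an upgrade or parameter change, a timelock that anyone can trigger after the delay plays the same role.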

Real-world incidents

  • GovernMental (2016) — the jackpot payout had to clear large arrays of creditors in one transaction, and the gas required grew past what a single block could provide, so the payout could not be executed.
  • King of the Ether Throne (2016) — the refund to the dethroned king was made with send(), which forwards only 2300 gas; when the previous king was a contract wallet needing more than that, the send failed and, because the return value was not checked, the refund was silently lost. The same design with a checked or reverting refund is the textbook version of this pattern, where one unpayable recipient blocks every later claimant.

How to prevent it

  • Use the pull payment pattern — let users claim funds rather than pushing to them, and if you must push, check the call's return value and fall back to a claimable balance instead of reverting.
  • Avoid unbounded loops over user-controlled data — process in bounded batches with a cursor, or move the aggregation off-chain, and make adding entries cost something.
  • Use multi-sig, governance, or a timelocked escape hatch for owner-dependent operations so that no single key can freeze the contract.