[BUG]: Unbounded Loop in getSentInvoices / getReceivedInvoices (Potential DoS) --->add pagination

[aniket866]

Bug Description

Unbounded Loop in getSentInvoices / getReceivedInvoices (Potential DoS)

Location

Chainvoice.sol

• getSentInvoices()
• getReceivedInvoices()
• _getInvoices()

---

Issue Summary

The functions getSentInvoices() and getReceivedInvoices() rely on _getInvoices(), which iterates over the entire invoice ID array:

function _getInvoices(uint256[] storage ids) internal view returns (InvoiceDetails[] memory) {
    InvoiceDetails[] memory result = new InvoiceDetails[](ids.length);
    for (uint256 i = 0; i < ids.length; i++) {
        result[i] = invoices[ids[i]];
    }
    return result;
}

Fix:Replace getSentInvoices and getReceivedInvoices

function getSentInvoices(
    address user,
    uint256 offset,
    uint256 limit
) external view returns (InvoiceDetails[] memory) {
    return _getInvoicesPaginated(sentInvoices[user], offset, limit);
}

function getReceivedInvoices(
    address user,
    uint256 offset,
    uint256 limit
) external view returns (InvoiceDetails[] memory) {
    return _getInvoicesPaginated(receivedInvoices[user], offset, limit);
}

Steps to Reproduce

N/A

Logs and Screenshots

N/A

Environment Details

N/a

Impact

High - Major feature is broken

Code of Conduct

• I have joined the Discord server and will post updates there
• I have searched existing issues to avoid duplicates

[aniket866]

@kumawatkaran523 what's your view on this, Please assign

[sach2004]

@DengreSarthak @kumawatkaran523 it is a valid but not really a DoS issue since these are view functions and don't cost any gas on chain, but yeah if someone has a ton of invoices the rpc call could timeout, so pagination makes sense. more of an enhancement than a bug in my opinion.