Skip to content
This repository has been archived by the owner on Oct 1, 2023. It is now read-only.

Bauer - DOS attack to getDepositQueueTVL() #332

Closed
sherlock-admin opened this issue Mar 27, 2023 · 4 comments
Closed

Bauer - DOS attack to getDepositQueueTVL() #332

sherlock-admin opened this issue Mar 27, 2023 · 4 comments
Labels
Escalation Resolved This issue's escalations have been approved/rejected Non-Reward This issue will not receive a payout

Comments

@sherlock-admin
Copy link
Contributor

sherlock-admin commented Mar 27, 2023

Bauer

medium

DOS attack to getDepositQueueTVL()

Summary

The getDepositQueueTVL() function will return the whole array of depositQueue. It will run out of gas if a malicious user deposits with small amounts for a long list of wallet addresses or there is already a lot of deposit queue.

Vulnerability Detail

The getDepositQueueTVL() function needs to return the whole array of depositQueue in memory, which needs memory copy operation. As a result, when the list is too long, it will run out of gas.
Meanwhile, a malicious can deposit with small amount for a long list of wallet addresses to increase the length of the array depositQueue.
As a result, it creates an effective DOS to the getDepositQueueTVL() function.

    function getDepositQueueTVL() public view returns (uint256 tvl) {
        for (uint256 i = 0; i < depositQueue.length; i++) {
            tvl += depositQueue[i].assets;
        }
    }

Impact

The function getDepositQueueTVL() is not useful anymore when there is a DOS attack.

Code Snippet

https://github.com/sherlock-audit/2023-03-Y2K/blob/main/Earthquake/src/v2/Carousel/Carousel.sol#L690-L694

Tool used

Manual Review

Recommendation

Revise the function getDepositQueueTVL() into getDepositQueueTVL(from, to) so that we can retrieve the deposit queue within a range of indices.

@github-actions github-actions bot closed this as completed Apr 3, 2023
@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Apr 3, 2023
@sherlock-admin sherlock-admin added the Reward A payout will be made for this issue label Apr 11, 2023
@twicek
Copy link

twicek commented Apr 11, 2023

Escalate for 10 USDC

This issue is not a duplicate of #174 and should not be medium severity since the issue is located in a view function that is not used in any state changing function.

As per the documentation:

  • Incorrect values in View functions are by default considered low.
    Exception: In case any of these incorrect values returned by the view functions are used as a part of a larger function which would result in loss of funds then it would be a valid medium/high depending on the impact.

@sherlock-admin
Copy link
Contributor Author

Escalate for 10 USDC

This issue is not a duplicate of #174 and should not be medium severity since the issue is located in a view function that is not used in any state changing function.

As per the documentation:

  • Incorrect values in View functions are by default considered low.
    Exception: In case any of these incorrect values returned by the view functions are used as a part of a larger function which would result in loss of funds then it would be a valid medium/high depending on the impact.

You've created a valid escalation for 10 USDC!

To remove the escalation from consideration: Delete your comment.

You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.

@sherlock-admin sherlock-admin added the Escalated This issue contains a pending escalation label Apr 11, 2023
@hrishibhat
Copy link

Escalation accepted

Valid low
Not a duplicate of #174

@sherlock-admin
Copy link
Contributor Author

Escalation accepted

Valid low
Not a duplicate of #174

This issue's escalations have been accepted!

Contestants' payouts and scores will be updated according to the changes made on this issue.

@sherlock-admin sherlock-admin added Escalation Resolved This issue's escalations have been approved/rejected and removed Escalated This issue contains a pending escalation labels Apr 21, 2023
@hrishibhat hrishibhat removed Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Reward A payout will be made for this issue labels Apr 28, 2023
@sherlock-admin sherlock-admin added the Non-Reward This issue will not receive a payout label Apr 28, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Escalation Resolved This issue's escalations have been approved/rejected Non-Reward This issue will not receive a payout
Projects
None yet
Development

No branches or pull requests

3 participants