This repository has been archived by the owner on Oct 1, 2023. It is now read-only.
twicek - Queued deposits can get stuck indefinitely in the deposit queue #63
Comments
github-actions
bot
added
Medium
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
twicek
medium
Queued deposits can get stuck indefinitely in the deposit queue
Summary
Queued deposits can get stuck indefinitely in the deposit queue. By taking advantage of this, an attacker can purposefully grief early users by freezing their funds in the contract.
Vulnerability Detail
The first users to deposit into the deposit queue will be the last to have their deposit minted because the loop in
mintDepositInQueueimplements a First In Last Out stack for deposits.An attacker can spam the deposit queue with small deposits (with
_assets >= relayerFee). Doing so, he can grief early depositors by queuing just enough deposits so that it becomes impossible to mint all queued deposit in one call tomintDepositInQueuedue to out of gas revert. If someone callsmintDepositInQueueand mint X deposits, the attacker can back-run the transaction with the same exact number of deposits to make sure early depositors will never get their deposit minted.Since there is no mechanism allowing users to remove queued deposits, early depositors will risk to have their deposited funds frozen in the contract as long as the attacker decides.
Impact
An attacker can grief early users by freezing their funds in the contract.
Code Snippet
_deposit
mintDepositInQueue
Tool used
Manual Review
Recommendation
Consider implementing a First In First Out stack for the queued deposits.
Duplicate of #174
The text was updated successfully, but these errors were encountered: