roguereddwarf - Carousel: DOS in getRolloverTVL and getDepositQueueTVL function

[sherlock-admin]

roguereddwarf

medium

Carousel: DOS in getRolloverTVL and getDepositQueueTVL function

Summary

The Carousel.getRolloverTVL function iterates over all elements in the rolloverQueue to calculate the TVL.
The Carousel.getDepositQueueTVL function does the same for the depositQueue.

The issue with both functions is that the rolloverQueue / depositQueue can contain so many elements that the block gas limit is reached and the function always reverts no matter how much Gas is provided.

Vulnerability Detail

The issue is more severe for the getRolloverTVL function because elements from the rollover queue can only be removed by the user.
So an attacker can put a lot of entries into the rollover queue with different addresses such that the function cannot be provided with sufficient Gas to iterate over all elements or the function call becomes very expensive. Only he himself can remove these entries.

The depositQueue is different because entries are removed when they are processed.

Impact

An attacker can DOS the getRolloverTVL and getDepositQueueTVL functions such that other protocols cannot integrate with them or make calls to them very expensive which is a loss of funds for users.

Code Snippet

https://github.com/sherlock-audit/2023-03-Y2K/blob/main/Earthquake/src/v2/Carousel/Carousel.sol#L655-L671

https://github.com/sherlock-audit/2023-03-Y2K/blob/main/Earthquake/src/v2/Carousel/Carousel.sol#L690-L694

Tool used

Manual Review

Recommendation

This problem is hard to solve because it is intended that elements in the rolloverQueue remain in the queue after they are processed for the next rollover.

A solution can be to make the functions paginated such that not all elements must be queried at once which solves the DOS attack.

[hrishibhat]

This is a low issue