This repository has been archived by the owner on Jul 19, 2019. It is now read-only.
Fix DoS vulnerability in Credit Protocol contract
`#executeUcacTx` is an inexpensive and unauthenticated function that increases the transaction counter for a UCAC without actually performing a transaction, up to that UCAC's transaction limit. A motivated attacker can call this function continuously to perform a denial-of-service (DoS) attack on a UCAC, preventing legitimate transactions using that UCAC from being processed. Once started, this attack can be maintained indefinitely.

Potential mitigations/effects on a live contract include:

* An attack on a UCAC may incentivize its stakeholders to unstake their tokens.
* The fewer tokens staked in a UCAC, the less expensive the attack becomes to perform and maintain.
* Staking more tokens in the UCAC will increase the transaction limit, thus increasing the cost to perform and maintain the attack.

The best mitigation for this attack, then, for a live contract, would be for token holders to stake enough tokens in the affected UCAC to make the attack too expensive for the attacker to maintain.
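The relationship between stake, transaction limit and the cost of keeping a UCAC saturated, as an added Python model that is not code from this repository. The linear stake-to-limit rule, the per-window reset, the cost unit and every name and constant below are assumptions made for illustration.

```python
"""Toy model of the rate limit described in the commit message (constructed)."""
from dataclasses import dataclass

# Assumed parameters, not taken from the Credit Protocol contract.
TX_PER_TOKEN_PER_WINDOW = 2   # hypothetical: limit grows linearly with stake
COST_PER_CALL = 50_000        # hypothetical cost units for one counter increment


@dataclass
class Ucac:
    staked_tokens: int
    tx_count: int = 0         # transactions counted in the current window

    @property
    def tx_limit(self) -> int:
        return self.staked_tokens * TX_PER_TOKEN_PER_WINDOW

    def execute_ucac_tx(self) -> bool:
        """Pre-fix behaviour: any caller may consume one slot of the limit."""
        if self.tx_count >= self.tx_limit:
            return False
        self.tx_count += 1
        return True

    def new_window(self) -> None:
        self.tx_count = 0


def legit_capacity(ucac: Ucac, junk_calls: int) -> int:
    """Slots left for real transactions after junk_calls counter-only calls."""
    ucac.new_window()
    for _ in range(junk_calls):
        if not ucac.execute_ucac_tx():
            break
    return ucac.tx_limit - ucac.tx_count


def cost_to_exhaust_window(ucac: Ucac) -> int:
    """What it costs to fill one window's limit with counter-only calls."""
    return ucac.tx_limit * COST_PER_CALL


def stake_needed(budget_per_window: int) -> int:
    """Smallest stake at which filling one window costs more than the budget."""
    return budget_per_window // (COST_PER_CALL * TX_PER_TOKEN_PER_WINDOW) + 1
```

Because the cost in this model scales with the limit, unstaking lowers it and staking raises it, which is the feedback loop the bullet points describe.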