Griefing of auctions and DoS #11
Labels
- 2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
- bug: Something isn't working
- duplicate-237
- satisfactory: satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L415-L440
https://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L156-L159
Vulnerability details
Impact
Proof of Concept
There is a limit on the number of bids per auction. An attacker can repeatedly place and cancel bids to fill up the bids array, preventing the seller from receiving any valid bids and forcing them to redo the auction. This can also be used to prevent users from participating in an auction, essentially creating a DoS attack.
Pseudo code:
Tools Used
Recommended Mitigation Steps
Delete cancelled bids from the bids array.
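A simplified Python model of this mitigation, added here as an illustration and not taken from SizeSealed.sol or from the report: `MAX_BIDS`, the `Auction` class and the id-to-index map are assumptions. It compares flag-only cancellation with swap-and-pop deletion; because deletion reorders the array, bids are tracked by a stable id rather than by array position.

```python
# Simplified model, not SizeSealed code. All names and the cap are hypothetical.
MAX_BIDS = 4  # constructed cap, kept small for the demo


class Auction:
    def __init__(self, delete_on_cancel):
        self.delete_on_cancel = delete_on_cancel
        self.bids = []       # each entry: {"id", "bidder", "cancelled"}
        self.index_of = {}   # stable bid id -> current position in self.bids
        self.next_id = 0

    def bid(self, bidder):
        if len(self.bids) >= MAX_BIDS:
            raise RuntimeError("bid limit reached")
        bid_id = self.next_id
        self.next_id += 1
        self.index_of[bid_id] = len(self.bids)
        self.bids.append({"id": bid_id, "bidder": bidder, "cancelled": False})
        return bid_id

    def cancel(self, bid_id, caller):
        i = self.index_of[bid_id]
        if self.bids[i]["bidder"] != caller:
            raise PermissionError("not the bidder")
        if not self.delete_on_cancel:
            self.bids[i]["cancelled"] = True  # slot stays occupied
            return
        # Swap-and-pop: move the last bid into the freed slot, then shrink.
        last = self.bids.pop()
        del self.index_of[bid_id]
        if last["id"] != bid_id:
            self.bids[i] = last
            self.index_of[last["id"]] = i  # keep the moved bid addressable

    def live_bids(self):
        return [b["bidder"] for b in self.bids if not b["cancelled"]]


def honest_bid_accepted(delete_on_cancel):
    """Place and cancel MAX_BIDS bids, then check whether a new bid fits."""
    auction = Auction(delete_on_cancel)
    for _ in range(MAX_BIDS):
        auction.cancel(auction.bid("spammer"), "spammer")
    try:
        auction.bid("honest")
    except RuntimeError:
        return False
    return auction.live_bids() == ["honest"]
```

With flag-only cancellation the cancelled entries still count against the cap, so the later bid is rejected; with deletion the slots are reclaimed.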