Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dynamic Arrays #160

Closed
c4-submissions opened this issue Oct 9, 2023 · 3 comments
Closed

Dynamic Arrays #160

c4-submissions opened this issue Oct 9, 2023 · 3 comments
Labels
3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working duplicate-31 sufficient quality report This report is of sufficient quality unsatisfactory does not satisfy C4 submission criteria; not eligible for awards

Comments

@c4-submissions
Copy link
Contributor

Lines of code

https://github.com/Que5/2023-10-ens/blob/main/contracts/ERC20MultiDelegate.sol#L57-L115

Vulnerability details

Impact

The contract can suffer from a Denial-of-Service (DoS) attack if a malicious actor bombards it with a large number of sources and targets until it stops working.

This is because the contract's delegateMulti function processes a potentially large number of sources and targets in a loop. If an attacker can provide a large number of sources and targets, the loop in the delegateMulti function could consume a significant amount of gas, potentially exceeding the block gas limit and causing the transaction to fail.

Proof of Concept

https://github.com/Que5/2023-10-ens/blob/main/contracts/ERC20MultiDelegate.sol#L57-L115

The contract can be exploited through a Denial-of-Service (DoS) attack, specifically a Reentrancy attack. This type of attack occurs when a contract calls another contract (in this case, the _processDelegation, _reimburse, and createProxyDelegatorAndTransfer functions) and, upon receiving a response, continues executing its code.

The potential DoS attack could be executed by providing a large number of sources and targets in the delegateMulti function. This would cause the contract to loop through each source and target, calling the _processDelegation, _reimburse, and createProxyDelegatorAndTransfer functions for each one. If an attacker can trigger this function with a large number of sources and targets, they could consume a significant amount of gas, potentially exceeding the block gas limit and causing the transaction to fail. Moreover an attacker could potentially call the delegateMulti function multiple times in quick succession, causing the contract to enter a state of continuous looping. This could cause the contract to become unresponsive, effectively stopping it from processing any further transactions.

Tools Used

Manual Analysis

Recommended Mitigation Steps

To mitigate the potential Denial-of-Service (DoS) attack, you can implement the following strategies:

  1. Limit the size of the input arrays: You can add a requirement that the size of the input arrays does not exceed a certain limit. This can prevent an attacker from overwhelming the contract with a large number of sources and targets.
  2. Implement a gas limit: You can add a gas limit to each transaction that calls the delegateMulti function. This can prevent an attacker from consuming too much gas with a large number of sources and targets.
  3. Use a counter for the number of transactions: You can implement a counter that tracks the number of delegateMulti transactions executed within a certain period of time. If the counter exceeds a certain limit, you can prevent further transactions until the next period.

Assessed type

DoS
@c4-submissions c4-submissions added 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working labels Oct 9, 2023
c4-submissions added a commit that referenced this issue Oct 9, 2023
@c4-submissions
phumlani12 issue #160
79e5511
@code4rena-admin code4rena-admin mentioned this issue Oct 12, 2023
Closed
@c4-pre-sort
Copy link

141345 marked the issue as duplicate of #31

@c4-pre-sort
Copy link

141345 marked the issue as sufficient quality report

@c4-pre-sort c4-pre-sort added the sufficient quality report This report is of sufficient quality label Oct 12, 2023
@c4-judge
Copy link
Contributor

hansfriese marked the issue as unsatisfactory:
Invalid

@c4-judge c4-judge added the unsatisfactory does not satisfy C4 submission criteria; not eligible for awards label Oct 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working duplicate-31 sufficient quality report This report is of sufficient quality unsatisfactory does not satisfy C4 submission criteria; not eligible for awards
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@c4-judge @c4-pre-sort @c4-submissions