You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Github username:@8ahoz Submission hash (on-chain): 0x8711e507759f48a25f42dc1d10858eddeb4d5018c95796f88c4ca1fa197f6293 Severity: high severity
Description:
Description:
Whitelisted addresses that are allowed to create permissionless tranches can create tranches and call claimTrancheId() in LendingPoolConfigurator.sol which increases totalTranches number. The same number later used to iterate through all tranches on the protocol in validateAssetAllowed() which is used in setAssetAllowed() in AssetsMapping.sol
setAssetAllowed() is an important function used to enable assets on whole protocol by onlyGlobalAdmin.
If the totalTranches number is sufficiently high, the loop on AssetsMapping:L68 will revert with OOG.
A whitelisted account that is allowed to create tranches will make a high number of calls to the claimTrancheId() and increase the totalTranches number to a sufficiently high number.
After that all calls to the setAssetAllowed() from the global admin will be blocked because of OOG errors.
The text was updated successfully, but these errors were encountered:
Github username: @8ahoz
Submission hash (on-chain): 0x8711e507759f48a25f42dc1d10858eddeb4d5018c95796f88c4ca1fa197f6293
Severity: high severity
Description:
Description:
Whitelisted addresses that are allowed to create permissionless tranches can create tranches and call
claimTrancheId()inLendingPoolConfigurator.solwhich increasestotalTranchesnumber. The same number later used to iterate through all tranches on the protocol invalidateAssetAllowed()which is used insetAssetAllowed()inAssetsMapping.solsetAssetAllowed()is an important function used to enable assets on whole protocol byonlyGlobalAdmin.If the
totalTranchesnumber is sufficiently high, the loop onAssetsMapping:L68will revert with OOG.https://github.com/VMEX-finance/vmex/blob/b0dc00c5dd6bdcac05827128d14dcdc730f19e1c/packages/contracts/contracts/protocol/lendingpool/AssetMappings.sol#L68
Attack scenario:
A whitelisted account that is allowed to create tranches will make a high number of calls to the
claimTrancheId()and increase thetotalTranchesnumber to a sufficiently high number.After that all calls to the
setAssetAllowed()from the global admin will be blocked because of OOG errors.The text was updated successfully, but these errors were encountered: