This repository has been archived by the owner on May 26, 2023. It is now read-only.
ltyu - Refunds can be blocked by deposits #208
Comments
github-actions
bot
added
Duplicate
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
ltyu
high
Refunds can be blocked by deposits
Summary
Excess deposits can block deposit refunds
Vulnerability Detail
In DepositManagerV1.sol, a depositor can get a refund for their deposits by calling
refundDeposit(). TheavailableFundsare then calculated by looping through the deposit list and validating thelockedFunds. This is problematic because anyone can create deposits. An attacker (or legitimate users) can deposit dust amounts and cause this array to get too big. The loop would then cause this validation to run out of gas.Impact
Code Snippet
There is no validation for the size of deposit
https://github.com/sherlock-audit/2023-02-openq/blob/main/contracts/Bounty/Implementations/BountyCore.sol#L21-L58
Tool used
At the last line of this snippet, the
availableFundsare calculated. A loop is used inbounty.getLockedFunds(depToken)https://github.com/sherlock-audit/2023-02-openq/blob/main/contracts/DepositManager/Implementations/DepositManagerV1.sol#L152-L172
lockedFunds calculated here
https://github.com/sherlock-audit/2023-02-openq/blob/main/contracts/Bounty/Implementations/BountyCore.sol#L333-L352
Manual Review
Recommendation
Duplicate of #77
The text was updated successfully, but these errors were encountered: