You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on May 26, 2023. It is now read-only.
github-actionsbot opened this issue
Feb 21, 2023
· 0 comments
Labels
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelHighA valid High severity issueRewardA payout will be made for this issue
In DepositManagerV1.sol, a depositor can get a refund for their deposits by calling refundDeposit(). The availableFunds are then calculated by looping through the deposit list and validating the lockedFunds. This is problematic because anyone can create deposits. An attacker (or legitimate users) can deposit dust amounts and cause this array to get too big. The loop would then cause this validation to run out of gas.
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelHighA valid High severity issueRewardA payout will be made for this issue
ltyu
high
Refunds can be blocked by deposits
Summary
Excess deposits can block deposit refunds
Vulnerability Detail
In DepositManagerV1.sol, a depositor can get a refund for their deposits by calling
refundDeposit()
. TheavailableFunds
are then calculated by looping through the deposit list and validating thelockedFunds
. This is problematic because anyone can create deposits. An attacker (or legitimate users) can deposit dust amounts and cause this array to get too big. The loop would then cause this validation to run out of gas.Impact
Code Snippet
There is no validation for the size of deposit
https://github.com/sherlock-audit/2023-02-openq/blob/main/contracts/Bounty/Implementations/BountyCore.sol#L21-L58
Tool used
At the last line of this snippet, the
availableFunds
are calculated. A loop is used inbounty.getLockedFunds(depToken)
https://github.com/sherlock-audit/2023-02-openq/blob/main/contracts/DepositManager/Implementations/DepositManagerV1.sol#L152-L172
lockedFunds calculated here
https://github.com/sherlock-audit/2023-02-openq/blob/main/contracts/Bounty/Implementations/BountyCore.sol#L333-L352
Manual Review
Recommendation
Duplicate of #77
The text was updated successfully, but these errors were encountered: