You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelMediumA valid Medium severity issueRewardA payout will be made for this issue
The issue describes the possibility of mint reverting due to lack of gas and causing the contract to be paused.
This is possible because mint() can mint up to 100 tokens in one call, consuming more then 63/64 of parent contracts calls gas.
The issue was later invalidated because in the old version the contract was catching only string errors, which does not include out of gas.
The current version does not only catch string errors:
} catch {
// Pause the contract if token minting failed_pause();
returnfalse;
}
This makes the before described attack possible.
Following POC is slightly modified from the POC provided by alex in the old issue:
sherlock-admin
changed the title
Precise Ginger Meerkat - Auction can be forcefully paused
SilentDefendersOfDeFi - Auction can be forcefully paused
Dec 13, 2023
sherlock-admin
added
Reward
A payout will be made for this issue
Duplicate
A valid issue that is a duplicate of an issue with `Has Duplicates` label
and removed
Non-Reward
This issue will not receive a payout
labels
Dec 21, 2023
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelMediumA valid Medium severity issueRewardA payout will be made for this issue
SilentDefendersOfDeFi
medium
Auction can be forcefully paused
Summary
According to the EIP-150 call opcode can consume as most 63/64 of parent calls' gas. That means token.mint() can fail since there will be no gas.
This will pause the auction, which has to be restarted by governance.
Vulnerability Detail
Following issue was reported in the previous audit, which was later determined as invalid:
code-423n4/2022-09-nouns-builder-findings#719
The issue describes the possibility of mint reverting due to lack of gas and causing the contract to be paused.
This is possible because mint() can mint up to 100 tokens in one call, consuming more then 63/64 of parent contracts calls gas.
The issue was later invalidated because in the old version the contract was catching only string errors, which does not include out of gas.
The current version does not only catch string errors:
This makes the before described attack possible.
Following POC is slightly modified from the POC provided by alex in the old issue:
https://gist.github.com/Shogoki/9c98564ed1d2e29b5bd1bbc95e43a359
Impact
Forcefully pause DAOs that have large amount of founders.
Code Snippet
https://github.com/sherlock-audit/2023-09-nounsbuilder/blob/main/nouns-protocol/src/auction/Auction.sol#L324
Tool used
Manual Review
Recommendation
Catch only string errors / add a check for gasLeft(); at the start of createAuction();
Duplicate of #243
The text was updated successfully, but these errors were encountered: