-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pontifex - DoS due to unexpected revert in twap update #155
Comments
Low severity, this would take 80+ years for this underflow to occur |
Escalate It appears from the implementation of the Obviously, if the issue is not fixed, this event will occur with 100% probability. The impression of a low probability of an event due to delay probably arises from assumptions that the bug will be found and fixed or the protocol/network will not last that long. In my opinion, it is incorrect to rely on this. Based on the above arguments, I disagree with Low. The severity should remain High or at least Medium. |
@ChechetkinVV I have no further input for this argument 😄, thanks for making my day. This should remain low severity. |
You've created a valid escalation! To remove the escalation from consideration: Delete your comment. You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final. |
Could you elaborate? |
Yes, sure. This is a contract update. It was copied from the old version of Solidity, where the underflow was left. But here they clearly forgot to add unchecked parentheses. In fact, no changes were made to this function and in Solidity 0.8.16 it works differently from 0.6.9. |
@Czar102 @ChechetkinVV Lets put all the timing stuff aside which I believe is already sufficient to keep low/invalid. This issue impacts twap values which is not used for price calculations, so doesn’t matter, should be invalid in consistent with issues like #80 |
It seems like the team doesn't care about it.
I think this function may be invoked in a swap, so this will DoS the protocol. |
I remembered why I thought that they wanted to process this case. The team chose to cast uint32 blockTimestamp = uint32(block.timestamp % 2**32); |
Taking the value modulo I know this is to an extent subjective and I guess some judgments need to be. What further makes me feel safe considering it a low is a long time we'd need to wait for the bug to uncover. Hence, I am planning to reject the escalation and leave the issue as is. |
@Czar102, Thank you for your time! |
Result: |
Escalations have been resolved successfully! Escalation status:
|
pontifex
high
DoS due to unexpected revert in twap update
Summary
Due to an underflow error at the
GSPVault._twapUpdate
function the protocol functionality will be blocked. So users will not be able to redeem shares.Vulnerability Detail
There is a normalization of the
block.timestamp
value touint32
at theGSPVault._twapUpdate
function which works well in solidity 0.6.9 but in recent versions will throw an underflow error.https://github.com/sherlock-audit/2023-12-dodo-gsp/blob/af43d39f6a89e5084843e196fc0185abffe6304d/dodo-gassaving-pool/contracts/GasSavingPool/impl/GSPVault.sol#L89-L90
In case the
_IS_OPEN_TWAP_
parameter will be initialized astrue
this issue can cause a permanent asset blocking at the pool whenblock.timestamp
exceedstype(uint32).max
.Impact
Permanent asset blocking at the pool.
Code Snippet
https://github.com/sherlock-audit/2023-12-dodo-gsp/blob/af43d39f6a89e5084843e196fc0185abffe6304d/dodo-gassaving-pool/contracts/GasSavingPool/impl/GSPVault.sol#L89-L90
Tool used
Manual Review
Recommendation
Consider using
unchecked
braces for this calculation:The text was updated successfully, but these errors were encountered: