codehawks-bot opened 1 year ago
Low: the attacker has little incentive to carry out this attack, as they have to pay gas for every griefing transaction but get no financial reward. The impact on the victim is also minimal, as the attack only affects those with small staking amounts, which would earn small rewards anyway.
Griefing Attack via updateFor Function
Severity
Medium Risk
Relevant GitHub Links
https://github.com/Cyfrin/2023-07-beedle/blob/658e046bda8b010a5b82d2d85e824f3823602d27/src/Staking.sol#L80-L94
Summary
A vulnerability has been identified in the updateFor function, which can be exploited by an attacker to grief users with smaller deposits. The function, being public, allows anyone to call it for any address, potentially causing rounding errors that can lead to reduced or zero rewards for users with low deposits.
Vulnerability Details
The updateFor function updates the rewards for a given recipient. Within the function, the reward share for the recipient is calculated with the formula: uint256 _share = _supplied * _delta / 1e18;
If an attacker frequently calls the updateFor function for an address with a small deposit (_supplied), especially when the _delta (change in index) is small, the product _supplied * _delta can be smaller than 1e18. Since Solidity's integer division truncates, _share then rounds down to zero. Because each call records the new index for the recipient regardless of how much the division truncated away, the lost fraction is not carried forward to the next update. The recipient therefore does not receive their rightful rewards, effectively being "griefed" by the attacker.
Impact
Users with smaller deposits might receive fewer rewards or none at all due to the rounding down caused by frequent updates.
Tools Used
Manual Review
Recommendations
Introduce a minimum threshold for _delta to ensure that the reward calculation is meaningful and not prone to rounding errors.
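To make the rounding concrete, here is an added Python model (not code from the Beedle repository) of the contract's _supplied * _delta / 1e18 computation under Solidity's truncating division, with and without the recommended minimum _delta threshold; simulate, min_delta and the sample stake and index values are this example's own constructed names and numbers.

```python
# Added model of Staking.sol's updateFor reward share with Solidity's
# truncating integer division. The contract computes
#     _share = _supplied * _delta / 1e18
# and then stores the new index for the recipient, so whatever the
# division truncates away is never carried forward. `simulate` and
# `min_delta` are names chosen for this example, not the contract's.

ONE = 10**18  # fixed-point scale used by the contract


def share(supplied: int, delta: int) -> int:
    """Mirror of `_supplied * _delta / 1e18` (integer division rounds down)."""
    return supplied * delta // ONE


def simulate(supplied: int, index_steps: list[int], min_delta: int = 0):
    """Settle rewards for one recipient across a series of updateFor calls.

    index_steps: constructed increments of the global reward index between
                 consecutive calls (one call per element).
    min_delta:   threshold from the recommendation; a call with less
                 accumulated index growth leaves the recipient's index
                 untouched so the delta keeps accumulating.
    Returns (claimable, delta still pending).
    """
    pending = 0      # index growth not yet settled for this recipient
    claimable = 0
    for step in index_steps:
        pending += step
        if pending < min_delta:
            continue             # too small: do not advance the index
        claimable += share(supplied, pending)
        pending = 0              # index advanced, truncation is now final
    return claimable, pending


if __name__ == "__main__":
    small_stake = 10**6                  # constructed: a 1e6 wei deposit
    steps = [10**11] * 1000              # 1000 tiny index bumps, 1e14 in total
    # one update at the end vs. a griefing call after every bump
    print(simulate(small_stake, [sum(steps)]))             # (100, 0)
    print(simulate(small_stake, steps))                    # (0, 0): every share truncates
    print(simulate(small_stake, steps, min_delta=10**13))  # (100, 0)
```

With the threshold, the small depositor recovers the full 100 wei because the index is only advanced once enough growth has accumulated for the division to be meaningful.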