This issue is being reported as part of the ongoing audit being conducted by Authio for Kyokan.
`startDepositExit(uint nonce, uint committedFee)` allows the owner of the newly created deposit to set an arbitrary committed fee. In the case where the owner of a deposit does not spend their deposit on the plasma chain, the fee amount cannot be challenged, as the deposit is not included in a block. As the deposit exit queue relies on successfully exiting its highest-priority deposit, an attacker can halt the queue by creating an exit that will never finalize, claiming a `committedFee >= amount + minExitBond`.
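The queue halt described above, as an added Python model that is not part of the original report and is not the contract's code. The FIFO queue, the payout formula, the sample values and the start-time fee check are assumptions made for illustration; only the non-finalizing condition `committedFee >= amount + minExitBond` comes from the report.

```python
from collections import deque

MIN_EXIT_BOND = 10  # constructed value standing in for minExitBond


class Revert(Exception):
    """Stands in for an EVM revert."""


def start_deposit_exit(queue, nonce, amount, committed_fee, validate_fee):
    # Hardened path: an unspent deposit's fee cannot be challenged later,
    # so reject at start any fee the report says can never finalize.
    # ASSUMPTION: this check is one possible mitigation, not the project's fix.
    if validate_fee and committed_fee >= amount + MIN_EXIT_BOND:
        raise Revert("committedFee can never finalize")
    queue.append((nonce, amount, committed_fee))


def finalize_head(queue):
    # ASSUMPTION: how finalization fails is not shown in the report; the
    # model only reproduces the stated condition and a plausible payout.
    nonce, amount, committed_fee = queue[0]
    if committed_fee >= amount + MIN_EXIT_BOND:
        raise Revert("exit cannot finalize")
    queue.popleft()
    return amount + MIN_EXIT_BOND - committed_fee


def run(validate_fee):
    """Return (payouts, exits left stuck, nonces rejected at start)."""
    queue, rejected, payouts = deque(), [], []
    # Constructed sample: nonce 2 claims fee == amount + MIN_EXIT_BOND.
    for nonce, amount, fee in [(1, 100, 5), (2, 100, 110), (3, 100, 5)]:
        try:
            start_deposit_exit(queue, nonce, amount, fee, validate_fee)
        except Revert:
            rejected.append(nonce)
    try:
        while queue:
            payouts.append(finalize_head(queue))
    except Revert:
        pass  # head reverts; every exit queued behind it stays stuck
    return payouts, len(queue), rejected


if __name__ == "__main__":
    print(run(False))  # unvalidated fee: queue halts behind nonce 2
    print(run(True))   # validated fee: nonce 2 rejected, queue drains
```

Without the check, the honest exit queued behind nonce 2 is never paid; with it, the bad exit never enters the queue.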