Lines of code
https://github.com/code-423n4/2022-05-factorydao/blob/db415804c06143d8af6880bc4cda7222e5463c0e/contracts/PermissionlessBasicPoolFactory.sol#L245
https://github.com/code-423n4/2022-05-factorydao/blob/db415804c06143d8af6880bc4cda7222e5463c0e/contracts/PermissionlessBasicPoolFactory.sol#L224
Vulnerability details
Impact
Detailed description of the impact of this finding.
Proof of Concept
If an attacker makes many deposits of 1 wei, the staking pool creator will have to make the withdrawals himself to remove the unclaimed reward tokens. This can mean the pool creator will have to spend a huge amount of gas to do these withdrawals.
https://github.com/code-423n4/2022-05-factorydao/blob/db415804c06143d8af6880bc4cda7222e5463c0e/contracts/PermissionlessBasicPoolFactory.sol#L245
One could argue this attack won't happen since the attacker would also spend gas making the deposits. I argue the gas the attacker would spend could be much, much less than the gas required to make the withdrawals if the rewards are distributed in many tokens. This happens because the withdraw function loops through every token and performs arithmetic to compute taxes for each token. This doesn't happen in the deposit function, which is of constant complexity.
https://github.com/code-423n4/2022-05-factorydao/blob/db415804c06143d8af6880bc4cda7222e5463c0e/contracts/PermissionlessBasicPoolFactory.sol#L224
An attacker can then force the owner to waste more gas than the excess rewards which would make the excess rewards not worth taking out. The attacker could do this without using much gas himself since the withdraw function is many times
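A pool creator or reviewer can check the gas asymmetry argued above against a pool's own parameters. The following Python model is an added example, not code from the report or from the audited project; the class and method names are hypothetical, and every gas figure is a constructed placeholder to be replaced with values measured by a gas profiler.

```python
"""Gas-asymmetry model: constant-cost deposit vs. withdraw that loops over reward tokens.

All gas figures are constructed placeholders, NOT measurements of
PermissionlessBasicPoolFactory. Replace them with profiled values.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class GasModel:
    deposit_gas: int             # assumed: constant cost of one deposit
    withdraw_base_gas: int       # assumed: fixed overhead of one withdraw
    withdraw_per_token_gas: int  # assumed: tax arithmetic + transfer per reward token

    def withdraw_gas(self, reward_tokens: int) -> int:
        # Withdraw cost grows linearly with the number of reward tokens.
        return self.withdraw_base_gas + self.withdraw_per_token_gas * reward_tokens

    def asymmetry(self, reward_tokens: int) -> float:
        # Gas the creator spends on a withdraw per unit of gas spent on a deposit.
        return self.withdraw_gas(reward_tokens) / self.deposit_gas

    def cleanup_cost_wei(self, receipts: int, reward_tokens: int,
                         gas_price_wei: int) -> int:
        # Every outstanding receipt must be withdrawn before excess rewards are reclaimed.
        return receipts * self.withdraw_gas(reward_tokens) * gas_price_wei

    def max_receipts_worth_clearing(self, excess_value_wei: int, reward_tokens: int,
                                    gas_price_wei: int) -> int:
        # Largest number of receipts the creator can clear without a net loss.
        return excess_value_wei // (self.withdraw_gas(reward_tokens) * gas_price_wei)


# Constructed sample figures (placeholders, see module docstring).
MODEL = GasModel(deposit_gas=60_000, withdraw_base_gas=50_000,
                 withdraw_per_token_gas=40_000)
GWEI = 10**9
ETHER = 10**18

if __name__ == "__main__":
    for tokens in (1, 5, 10, 20):
        limit = MODEL.max_receipts_worth_clearing(1 * ETHER, tokens, 30 * GWEI)
        print(f"{tokens:>2} reward tokens: withdraw={MODEL.withdraw_gas(tokens):>9,} gas, "
              f"asymmetry={MODEL.asymmetry(tokens):.2f}x, "
              f"receipts clearable for 1 ETH of excess rewards={limit}")
```

With these placeholder figures, the number of receipts the creator can afford to clear falls as the reward token count rises, which is the exposure the report describes.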