Lines of code
https://github.com/code-423n4/2022-09-frax/blob/55ea6b1ef3857a277e2f47d42029bc0f3d6f9173/src/frxETHMinter.sol#L120-L155
Vulnerability details
Impact
Ethereum cannot be deposited to validators
Proof of Concept
frxETHMinter#depositEther contains an unbounded loop that must deposit all held ETH, rounded down to the nearest whole multiple of 32 ETH, to validators in a single call. If a sufficiently large amount of ETH is deposited before depositEther is called, the loop fails with an out-of-gas (OOG) error. This renders frxETHMinter#depositEther unusable.
Tools Used
Manual Review
Recommended Mitigation Steps
frxETHMinter#depositEther should either implement a hard cap (e.g. 10 per transaction) or take the cap as an input to the function.
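A sketch of the second option, with the cap passed as an argument so each call does a bounded amount of work and a backlog can be cleared over several transactions. This is an added example, not code from the frxETH repository: the contract name, the one-argument `IDepositTarget` interface, the validator queue and the event are simplified assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical stand-in for the beacon-chain deposit call (real one takes more fields).
interface IDepositTarget {
    function deposit(bytes calldata pubkey) external payable;
}

// Simplified sketch: names and storage layout are assumptions, not frxETHMinter's.
contract BoundedDepositor {
    uint256 public constant DEPOSIT_SIZE = 32 ether;
    IDepositTarget public immutable target;
    bytes[] private validatorPubkeys; // queue of validators awaiting funding
    uint256 public nextValidator;     // index of the next unfunded validator

    event DepositsSent(uint256 count, uint256 remainingWholeDeposits);

    constructor(IDepositTarget _target) { target = _target; }

    receive() external payable {}

    // Access control is omitted in this sketch.
    function addValidator(bytes calldata pubkey) external {
        validatorPubkeys.push(pubkey);
    }

    // maxDeposits bounds the loop, so gas per call scales with the
    // caller-chosen cap instead of with the accumulated balance.
    function depositEther(uint256 maxDeposits) external returns (uint256 sent) {
        require(maxDeposits > 0, "cap is zero");
        uint256 pending = address(this).balance / DEPOSIT_SIZE;
        require(pending > 0, "not enough ETH");
        uint256 available = validatorPubkeys.length - nextValidator;
        sent = pending < maxDeposits ? pending : maxDeposits;
        if (available < sent) sent = available;
        require(sent > 0, "no validators");

        for (uint256 i = 0; i < sent; ++i) {
            bytes memory pubkey = validatorPubkeys[nextValidator];
            nextValidator += 1; // advance the queue before the external call
            target.deposit{value: DEPOSIT_SIZE}(pubkey);
        }
        // Any remaining whole deposits stay in the balance for the next call.
        emit DepositsSent(sent, pending - sent);
    }
}
```

Because leftover ETH simply remains in the contract, a large backlog never blocks the function: the caller repeats the call with a cap that fits within the gas limit until `remainingWholeDeposits` reaches zero.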