code-423n4 / 2022-11-size-findings

Attacker can take all the winnings and fill up the bids and cause loss of funds or DoS #325

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-11-size/blob/969b9591b89ab21dcc9a13925809696dcaf43938/src/SizeSealed.sol#L347

Vulnerability details

Impact

An attacker can fill up all the bids, steal, be the winner, cause a DoS, and then withdraw/refund the funds. Since the bid isn't taken off the array when doing a refund, an attacker can make 1000 bids, cause a DoS, and have a 100 percent chance of winning, causing a loss of funds.

Proof of Concept

There is no fee taken on the amount, there can be a DoS, and it should be removed.

        b.sender = address(0);

        emit BidRefund(auctionId, bidIndex);

        SafeTransferLib.safeTransfer(ERC20(a.params.quoteToken), msg.sender, b.quoteAmount);
    }

And no array slot is popped off, which can be filled, causing 100 percent winnings for the bidder. They are able to get all the bid amounts out, and even if they don't win they can't DoS the whole auction and still get their funds out with no punishment.

Tools Used

Recommended Mitigation Steps

Remove the bid from an array or check the address.

Pseudocode:

    array.pop()

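
The slot-accounting difference behind the recommended mitigation, as an added example that is not part of the original submission and is not code from SizeSealed.sol. The contract `BidSlots`, the `MAX_BIDS` cap (assumed from the "1000 bids" figure above), and all function, event and error names are hypothetical; token escrow and refund transfers are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Hypothetical model of a capped bid list; not SizeSealed.sol.
/// Token escrow and refund transfers are left out: only slot accounting is shown.
contract BidSlots {
    struct Bid {
        address sender;
        uint128 quoteAmount;
    }

    // Assumed cap, taken from the "1000 bids" figure in the submission.
    uint256 public constant MAX_BIDS = 1000;
    Bid[] public bids;

    event BidCancelled(uint256 bidIndex);
    event BidMoved(uint256 fromIndex, uint256 toIndex);

    error AuctionFull();
    error NotBidOwner();

    function bid(uint128 quoteAmount) external returns (uint256 bidIndex) {
        bidIndex = bids.length;
        if (bidIndex >= MAX_BIDS) revert AuctionFull();
        bids.push(Bid(msg.sender, quoteAmount));
    }

    /// Tombstone variant: the pattern quoted in the submission.
    /// The slot stays in the array, so it still counts toward MAX_BIDS.
    function cancelTombstone(uint256 bidIndex) external {
        Bid storage b = bids[bidIndex];
        if (b.sender != msg.sender) revert NotBidOwner();
        b.sender = address(0);
        emit BidCancelled(bidIndex);
    }

    /// Swap-and-pop variant: the last bid moves into the freed slot and the
    /// array shrinks, so a cancelled bid no longer consumes capacity.
    function cancelAndFree(uint256 bidIndex) external {
        if (bids[bidIndex].sender != msg.sender) revert NotBidOwner();
        uint256 last = bids.length - 1;
        if (bidIndex != last) {
            bids[bidIndex] = bids[last];
            emit BidMoved(last, bidIndex);
        }
        bids.pop();
        emit BidCancelled(bidIndex);
    }
}
```

Swap-and-pop changes the index of the moved bid, so anything that keeps a bid index outside the contract has to follow `BidMoved`. Freeing the slot also does not make holding slots costly, so the submission's observation that no fee is taken still applies.
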
trust1995 commented 2 years ago

Lacking any specifics, believe it to be unsatisfactory.

c4-judge commented 2 years ago

0xean marked the issue as duplicate

trust1995 commented 1 year ago

The submission does not explain a DOS vector properly and is not on par with the rest of the dups, imo.

c4-judge commented 1 year ago

0xean marked the issue as satisfactory

c4-judge commented 1 year ago

0xean changed the severity to 2 (Med Risk)