xmxanuel
commented
1 year ago I can't follow the described problem completely here but I reviewed the related PR carefully.
We are not trying to find the first timestamp where isBalanceEnough is true. We are trying to find the turning point where it is true but not for block.timstamp+1 anymore.
The hints can be incorrect and they will not break anything. It is not required that the necessary represent a range.
(obviously, the caller should provide a range).
They could be just two hints for the lower bound or the higher bound. The order also doesn't matter.
CodeSandwich
c4-sponsor
GalloDaSballo
c4-judge
Lines of code
https://github.com/code-423n4/2023-01-drips/blob/main/src/DripsHub.sol#L510 https://github.com/code-423n4/2023-01-drips/blob/main/src/Drips.sol#L721-L722 https://github.com/code-423n4/2023-01-drips/blob/main/src/Drips.sol#L649 https://github.com/code-423n4/2023-01-drips/blob/main/src/Drips.sol#L648 https://github.com/code-423n4/2023-01-drips/blob/main/src/Drips.sol#L607-L608
Vulnerability details
Impact
The
setDrips()function is used to configure a drip. It can either be withdrawing it, adding a new one, or even managing an existing one by updating the configuration. Internally, it account for the drips that are yet to be distributed to refund them to the dripper, or request additional funds in order to cover each receiver dripping time range. To do the latter, it uses abinary search. This algorithm is often used to findxfor whichf(x) = yby narrowing the range by two at every iteration, until finding a range that is small enough and satisfying. In this case, it's a bit different: we are trying to find the first timestampendfor which there is enoughbalancein order to pay for the drip. This is fundamentally different.Proof of Concept
The issue lies in the fact that this kind of binary search tries to find the very first timestamp that satisfies the expression
_isBalanceEnough(balance, configs, configsLen, end)to return the timestamp, and will not try to guess any better choice that would be closer tonotEnoughEndwhich is the right side of the binary search. That is why if the hints given are not good enough, or not given, then it is going to calculate for some extreme cases a low resolution end timestamp for which the provided balance is enough to drip for this whole period.Because of this issue, if the end timestamp is way too devaluated compared to the balance that was planned to drip the receivers, then the drip
balanceis going to be too big compared to themaxEnd. Resulting in a shorter period than expected.Raising it as medium because of the assumptions written in the comments:
which imply that the optional hint parameters can be used and will only alter the gas usage while the consequences could be worse.
Tools Used
Manual inspection
Recommended Mitigation Steps
It seems reasonable to run the binary search using the hints to find the closest amount of tokens on the lower bound. We can constrain it to not have a too-far higher bound by using a range under which the tolerance is okay and that returns the
maxEndfor this value. Define an acceptable range under theenoughEndvalue so that_isBalanceEnough()is still satisfied in the binary searchwhileloop without returning degraded results.