The only instance when furnace.melt reverts is when the totalSupply is too low. But then it is ok to catch the exception and just continue with the issuance and potentially lose rToken appreciation.
Potentially losing some rToken appreciation is definitely better than having this attack vector.
The RToken.redeemTo function already has the call to the furnance.melt function wrapped in a try-catch block. So redemption cannot be DOSed.
Lines of code
https://github.com/reserve-protocol/protocol/blob/27a3472d553b4fa54f896596007765ec91941348/contracts/p1/RToken.sol#L308-L312 https://github.com/reserve-protocol/protocol/blob/27a3472d553b4fa54f896596007765ec91941348/contracts/p1/RToken.sol#L132
Vulnerability details
Impact
An early attacker can DOS the
issue
functionality in theRToken
contract.No issuances can be made. And the DOS cannot be recovered from. It is permanent.
Proof of Concept
You can add the following test to the
Furnace.test.ts
file and execute it withyarn hardhat test --grep 'M-05 Mitigation Error: DOS issue'
.The attack performs the following steps:
1e17
rToken1e16
rToken to the furnaceFurnace.melt
such that the furnace takes notice of the transferred rToken and can pay them out laterRToken.melt
RToken.issue
andRToken.melt
are permanently DOSedTools Used
VSCode
Recommended Mitigation Steps
Use a try-catch block for
furnace.melt
in theRToken.issueTo
function.The only instance when
furnace.melt
reverts is when thetotalSupply
is too low. But then it is ok to catch the exception and just continue with the issuance and potentially lose rToken appreciation.Potentially losing some rToken appreciation is definitely better than having this attack vector.
The
RToken.redeemTo
function already has the call to thefurnance.melt
function wrapped in a try-catch block. So redemption cannot be DOSed.