search

code-423n4 / 2023-04-frankencoin-findings

5 stars 4 forks source link

Denial Of Service #943

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-04-frankencoin/blob/main/contracts/Equity.sol#L225 https://github.com/code-423n4/2023-04-frankencoin/blob/main/contracts/Equity.sol#L231

Vulnerability details

Impact

If the owner is not equal to the zero address, delegate != owner, and delegates[owner] == owner, the program will enter the last else statement. The function will recursively call itself, eventually causing the contract to run out of gas and revert. This issue affects the function votes(address sender, address[] calldata helpers), which in turn affects the checkQualified function. If the given conditions are met, this could lead to a Denial of Service.

Proof of Concept

1- Provide a delegate input address different from the owner address. 2- Provide an owner address different from the zero address, and ensure that delegates[owner] is equal to the owner (i.e., delegates[owner] = owner). 4- The program will enter the last else statement. 5- The function will call itself recursively. Return to step 1 and repeat the process until a revert occurs. 7- The contract will run out of gas and revert due to out-of-gas.

Tools Used

Manually

Recommended Mitigation Steps

To prevent this issue, line 226 can be updated as shown in the example below: if (owner == delegate || delegates[owner] == owner);

c4-pre-sort commented 1 year ago

0xA5DF marked the issue as duplicate of #640

c4-judge commented 1 year ago

hansfriese changed the severity to QA (Quality Assurance)

c4-judge commented 1 year ago

hansfriese marked the issue as grade-c