code-423n4 / 2023-05-ajna-findings


Potential DoS in RewardsManager Contract's _calculateExchangeRateInterestEarned Function. #401

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-ajna/blob/276942bc2f97488d07b887c8edceaaab7a5c3964/ajna-core/src/RewardsManager.sol#L487-L508

Vulnerability details

Impact

The _calculateExchangeRateInterestEarned function in the RewardsManager.sol contract can be used to calculate the amount of interest earned on a stake. However, if an attacker sends invalid arguments to this function, it can cause the function to consume an excessive amount of gas, which can result in a DoS attack. A DoS attack occurs when an attacker sends a large number of invalid requests to a system or service, overwhelming it and causing it to stop responding to legitimate requests.

Proof of Concept

The vulnerable code is located in the _calculateExchangeRateInterestEarned function. Below is the vulnerable code block:

    function _calculateExchangeRateInterestEarned(
        address pool_,
        uint256 nextEventEpoch_,
        uint256 bucketIndex_,
        uint256 bucketLP_,
        uint256 exchangeRate_
    ) internal view returns (uint256 interestEarned_) {

        if (exchangeRate_ != 0) {

            uint256 nextExchangeRate = bucketExchangeRates[pool_][bucketIndex_][nextEventEpoch_];

            // calculate interest earned only if next exchange rate is higher than current exchange rate
            if (nextExchangeRate > exchangeRate_) {

                // calculate the equivalent amount of quote tokens given the stakes lp balance,
                // and the exchange rate at the next and current burn events
                interestEarned_ = Maths.wmul(nextExchangeRate - exchangeRate_, bucketLP_);
            }

        }
    }

The vulnerable code block checks if the exchange rate is not equal to zero and calculates the interest earned only if the next exchange rate is higher than the current exchange rate. However, it does not validate the input parameters, and an attacker can send invalid arguments to the function, causing it to consume excessive gas and potentially leading to a DoS attack.

Tools Used

vscode

Recommended Mitigation Steps

Include additional checks to validate the input parameters of the _calculateExchangeRateInterestEarned function and implement limits on the amount of gas that can be consumed by the function.

Assessed type

DoS
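As an added example that is not part of the report or of the Ajna code base, here is a Python model of the quoted function with Solidity 0.8 checked arithmetic and WAD fixed-point rounding (the round-to-nearest rule of Maths.wmul, the `Revert` class and the sample state are assumptions). It makes visible what the function does for any argument combination: one mapping read, one comparison and one multiplication, with an out-of-range product reverting rather than looping.

```python
# Added example, not project code: model of _calculateExchangeRateInterestEarned.
WAD = 10**18
UINT256_MAX = 2**256 - 1


class Revert(Exception):
    """Models a Solidity 0.8 checked-arithmetic revert (overflow/underflow)."""


def checked(value: int) -> int:
    # Solidity 0.8 reverts instead of wrapping when a uint256 result is out of range.
    if value < 0 or value > UINT256_MAX:
        raise Revert("arithmetic overflow/underflow")
    return value


def wmul(x: int, y: int) -> int:
    # Assumption: Ajna's Maths.wmul rounds to nearest, i.e. (x*y + WAD/2) / WAD.
    return checked(checked(x * y) + WAD // 2) // WAD


def calculate_exchange_rate_interest_earned(
    bucket_exchange_rates: dict, pool: str, next_event_epoch: int,
    bucket_index: int, bucket_lp: int, exchange_rate: int,
) -> int:
    """Mirror of the Solidity function: one storage read, one comparison, one wmul.

    The control flow is fixed; no loop or external call depends on the arguments,
    so the amount of work is the same for every input that does not revert.
    """
    interest_earned = 0
    if exchange_rate != 0:
        # Unset storage slots read as zero, exactly like a Solidity mapping.
        next_exchange_rate = bucket_exchange_rates.get(
            (pool, bucket_index, next_event_epoch), 0)
        # Interest is only credited when the rate rose between the two burn events.
        if next_exchange_rate > exchange_rate:
            interest_earned = wmul(
                checked(next_exchange_rate - exchange_rate), bucket_lp)
    return interest_earned


# Constructed sample state: one pool, bucket 2000, rate rising 1.00 -> 1.05 at epoch 3.
SAMPLE_RATES = {("0xPOOL", 2000, 3): 105 * WAD // 100}
```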

Picodes commented 1 year ago

Invalidating all the warden's reports, as either they were written with GPT-4 or some AI tool, or the warden lacks a basic understanding of the EVM.

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Invalid