The `_calculateExchangeRateInterestEarned` function in the RewardsManager.sol contract calculates the amount of interest earned on a stake between two burn events. However, if an attacker sends invalid arguments to this function, it can consume an excessive amount of gas, which can result in a denial-of-service (DoS) condition. A DoS attack occurs when an attacker sends a large number of invalid requests to a system or service, overwhelming it and causing it to stop responding to legitimate requests.
```solidity
// Excerpt from RewardsManager.sol; the bucketExchangeRates mapping
// (pool => bucket index => burn epoch => exchange rate) and the Maths
// library are defined elsewhere in the contract.
function _calculateExchangeRateInterestEarned(
    address pool_,
    uint256 nextEventEpoch_,
    uint256 bucketIndex_,
    uint256 bucketLP_,
    uint256 exchangeRate_
) internal view returns (uint256 interestEarned_) {
    if (exchangeRate_ != 0) {
        uint256 nextExchangeRate = bucketExchangeRates[pool_][bucketIndex_][nextEventEpoch_];
        // calculate interest earned only if next exchange rate is higher than current exchange rate
        if (nextExchangeRate > exchangeRate_) {
            // calculate the equivalent amount of quote tokens given the stake's LP balance,
            // and the exchange rate at the next and current burn events
            interestEarned_ = Maths.wmul(nextExchangeRate - exchangeRate_, bucketLP_);
        }
    }
}
```
The code block above checks that the current exchange rate is non-zero and calculates the interest earned only if the next exchange rate is higher than the current one. It does not validate any of its input parameters (pool address, epoch, bucket index, LP balance), so an attacker can pass invalid arguments to the function, causing it to consume excessive gas and potentially leading to a DoS condition.
Tools Used
vscode
Recommended Mitigation Steps
Include additional checks to validate the input parameters of the `_calculateExchangeRateInterestEarned` function, and implement limits on the amount of gas that the function can consume.
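As an added illustration of the recommended input validation (this is example code, not Ajna's own), the original calculation is kept unchanged and reached only through a caller that rejects a zero pool address, an out-of-range bucket index, and an epoch that has not been recorded yet. The bucket bound, the `currentBurnEpoch` tracker, the setter and the `_wmul` stand-in for `Maths.wmul` are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.18;

/// Added example, not Ajna code: the RewardsManager interest calculation
/// behind an input-validating entry point. Bounds and names are assumed.
contract ValidatedInterestExample {
    uint256 internal constant WAD = 1e18;
    uint256 internal constant MAX_BUCKET_INDEX = 7388; // assumed upper bound for the example

    /// pool => bucket index => burn epoch => exchange rate (WAD-scaled)
    mapping(address => mapping(uint256 => mapping(uint256 => uint256))) public bucketExchangeRates;
    uint256 public currentBurnEpoch; // highest epoch that has a recorded rate (assumed tracker)

    error InvalidPool();
    error InvalidBucketIndex(uint256 index);
    error InvalidEpoch(uint256 epoch);

    /// Test helper (assumed): record an exchange rate for a pool/bucket/epoch.
    function setExchangeRate(address pool_, uint256 bucketIndex_, uint256 epoch_, uint256 rate_) external {
        bucketExchangeRates[pool_][bucketIndex_][epoch_] = rate_;
        if (epoch_ > currentBurnEpoch) currentBurnEpoch = epoch_;
    }

    /// Validated entry point: reverts early on arguments the internal
    /// function would otherwise process silently.
    function calculateInterestEarned(
        address pool_, uint256 nextEventEpoch_, uint256 bucketIndex_, uint256 bucketLP_, uint256 exchangeRate_
    ) external view returns (uint256) {
        if (pool_ == address(0)) revert InvalidPool();
        if (bucketIndex_ > MAX_BUCKET_INDEX) revert InvalidBucketIndex(bucketIndex_);
        if (nextEventEpoch_ == 0 || nextEventEpoch_ > currentBurnEpoch) revert InvalidEpoch(nextEventEpoch_);
        return _calculateExchangeRateInterestEarned(pool_, nextEventEpoch_, bucketIndex_, bucketLP_, exchangeRate_);
    }

    /// Original logic, unchanged; only the caller above adds validation.
    function _calculateExchangeRateInterestEarned(
        address pool_, uint256 nextEventEpoch_, uint256 bucketIndex_, uint256 bucketLP_, uint256 exchangeRate_
    ) internal view returns (uint256 interestEarned_) {
        if (exchangeRate_ != 0) {
            uint256 nextExchangeRate = bucketExchangeRates[pool_][bucketIndex_][nextEventEpoch_];
            if (nextExchangeRate > exchangeRate_) {
                interestEarned_ = _wmul(nextExchangeRate - exchangeRate_, bucketLP_);
            }
        }
    }

    /// Stand-in for Maths.wmul (assumed DSMath-style round-half-up WAD multiply).
    function _wmul(uint256 x, uint256 y) internal pure returns (uint256) {
        return (x * y + WAD / 2) / WAD;
    }
}
```

With a rate of 1.0e18 recorded at epoch 1 and 1.1e18 at epoch 2, `calculateInterestEarned(pool, 2, 100, 50e18, 1.0e18)` returns 5e18, while a zero pool, bucket index 9000 or epoch 3 reverts before the mapping is read.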
Lines of code
https://github.com/code-423n4/2023-05-ajna/blob/276942bc2f97488d07b887c8edceaaab7a5c3964/ajna-core/src/RewardsManager.sol#L487-L508
Assessed type
DoS