code-423n4 / 2023-07-basin-findings


Unbounded number of _tokens can cause DOS #41

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-07-basin/blob/c1b72d4e372a6246e0efbd57b47fb4cbb5d77062/src/Well.sol#L557-L560

Vulnerability details

Impact

There is no limit to the number of _tokens. It is therefore possible to set a large number of tokens such that safeTransfer() will run out of gas when transferring tokens. This will cause denial of service to all removeLiquidityImbalanced functions.

Proof of Concept

https://github.com/code-423n4/2023-07-basin/blob/main/src/Well.sol#L557-L560

Tools Used

Manual Review

Recommended Mitigation Steps

It would be best to set a sanity maximum number of tokens that can be added.

Assessed type

DoS

c4-pre-sort commented 1 year ago

141345 marked the issue as low quality report

c4-pre-sort commented 1 year ago

141345 marked the issue as duplicate of #286

c4-pre-sort commented 1 year ago

141345 marked the issue as not a duplicate

141345 commented 1 year ago

maybe QA

c4-judge commented 1 year ago

alcueca changed the severity to QA (Quality Assurance)

c4-judge commented 1 year ago

alcueca marked the issue as grade-b