Lines of code
https://github.com/code-423n4/2023-08-dopex/blob/main/contracts/reLP/ReLPContract.sol#L202
Vulnerability details
Impact
If _amount is 0, the reLP function still executes all of its operations, including external contract calls, each of which consumes gas. The caller therefore pays for work that has no effect. In the worst case, repeatedly calling the function with _amount set to 0 could drain the caller's funds through accumulated gas costs. Remediation: add a require statement at the start of the function that checks _amount is greater than 0, so the transaction reverts immediately when _amount is 0 and no further gas is spent.
Proof of Concept
Exploit Scenario: An attacker could repeatedly call the reLP function with _amount set to 0, causing the contract to execute unnecessary operations and waste gas. Remediation: Add a require statement at the start of the function to check that _amount is greater than 0.
Tools Used
foundry
Recommended Mitigation Steps
Add a require statement at the start of the function to check if _amount is greater than 0.
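As an added example (not the project's code), the guard below is placed at the top of a minimal stand-in for the function and checked with a Foundry test; ReLPGuarded and CallCounter are hypothetical stand-ins for ReLPContract and the external contracts it calls, and the exact revert string is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import "forge-std/Test.sol";

// Hypothetical stand-in for one of the external contracts reLP calls;
// it only records how many times it was reached.
contract CallCounter {
    uint256 public calls;
    function poke() external { calls++; }
}

// Hypothetical, minimal stand-in for ReLPContract (not the project's code).
contract ReLPGuarded {
    CallCounter public immutable counter;

    constructor(CallCounter _counter) {
        counter = _counter;
    }

    function reLP(uint256 _amount) external {
        // Recommended guard: reject a zero amount before any external work is done.
        require(_amount > 0, "reLPContract: amount must be greater than 0");
        counter.poke(); // stands in for the external calls the real function makes
    }
}

contract ReLPGuardTest is Test {
    CallCounter internal counter;
    ReLPGuarded internal relp;

    function setUp() public {
        counter = new CallCounter();
        relp = new ReLPGuarded(counter);
    }

    // With the guard in place, reLP(0) reverts and never reaches the external call.
    function testZeroAmountRevertsBeforeExternalCalls() public {
        vm.expectRevert(bytes("reLPContract: amount must be greater than 0"));
        relp.reLP(0);
        assertEq(counter.calls(), 0);
    }

    // A non-zero amount still proceeds to the external call.
    function testNonZeroAmountProceeds() public {
        relp.reLP(1 ether);
        assertEq(counter.calls(), 1);
    }
}
```

Run with `forge test`; the first test confirms that the zero-amount path stops at the require and spends no gas on downstream calls.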
Assessed type
Invalid Validation