search

code-423n4 / 2023-10-canto-findings

0 stars 1 forks source link

Gas Exhaustion Vulnerability in setAmbRewards and setAmbRewards Functions #159

Closed c4-submissions closed 1 year ago

c4-submissions commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-10-canto/blob/main/canto_ambient/contracts/callpaths/LiquidityMiningPath.sol#L77 https://github.com/code-423n4/2023-10-canto/blob/main/canto_ambient/contracts/callpaths/LiquidityMiningPath.sol#L68

Vulnerability details

Impact

The setAmbRewards function contains a gas exhaustion vulnerability that could potentially lead to a denial-of-service (DoS) attack. Malicious actors can exploit this vulnerability by specifying a large difference between the weekFrom and weekTo parameters, causing an unbounded loop that consumes excessive gas. As a result, legitimate transactions may be delayed or prevented from execution, disrupting the normal operation of the contract and affecting its availability.

Proof of Concept

function setConcRewards(bytes32 poolIdx, uint32 weekFrom, uint32 weekTo, uint64 weeklyReward) public payable {
    // require(msg.sender == governance_, "Only callable by governance");
    require(weekFrom % WEEK == 0 && weekTo % WEEK == 0, "Invalid weeks");
    while (weekFrom <= weekTo) {
        concRewardPerWeek_[poolIdx][weekFrom] = weeklyReward;
        weekFrom += uint32(WEEK);
    }
}

function setAmbRewards(bytes32 poolIdx, uint32 weekFrom, uint32 weekTo, uint64 weeklyReward) public payable {
    // require(msg.sender == governance_, "Only callable by governance");
    require(weekFrom % WEEK == 0 && weekTo % WEEK == 0, "Invalid weeks");
    while (weekFrom <= weekTo) {
        ambRewardPerWeek_[poolIdx][weekFrom] = weeklyReward;
        weekFrom += uint32(WEEK);
    }
}

The function accepts parameters weekFrom and weekTo to specify a range of weeks. It uses a while loop to iterate through each week within the specified range. It executes instructions for each week. The issue here is that there is no limit on the range of weeks that can be specified. If a user specifies a very large difference between weekFrom and weekTo, it can cause the while loop to iterate for an extended period, consuming an excessive amount of gas. Eventually, the transaction may run out of gas, effectively halting the contract execution.

Tools Used

Manual review

Recommended Mitigation Steps

Set a reasonable gas limit for transactions that call the setAmbRewards function to prevent excessive gas consumption. Carefully choose the gas limit to balance security and functionality.

Assessed type

DoS

c4-pre-sort commented 1 year ago

141345 marked the issue as low quality report

141345 commented 1 year ago

invalid

the array is user input

c4-judge commented 1 year ago

dmvt marked the issue as unsatisfactory: Invalid