Open c4-submissions opened 11 months ago
raymondfam marked the issue as sufficient quality report
raymondfam marked the issue as duplicate of #4
raymondfam marked the issue as duplicate of #514
fatherGoose1 marked the issue as unsatisfactory: Invalid
fatherGoose1 changed the severity to QA (Quality Assurance)
fatherGoose1 marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2023-10-ethena/blob/main/contracts/StakedUSDeV2.sol#L111
Vulnerability details
When a user approves someone to spend their shares, the approved spender can withdraw on the user's behalf by calling the cooldownShares function. This function adds the cooldown duration to the user's cooldownEnd. It is possible to keep adding cooldown duration to someone's cooldownEnd for as long as you keep calling cooldownShares with the parameters set as: owner, the user you want to grief, and shares, the amount you are willing to waste on griefing that user. It does not matter how much you spend; the same cooldown duration is added every time, so the attacker can use a very small number of shares and not lose much.
The function then checks the approval in the internal _withdraw function.
The user may have had funds locked and waiting for the cooldown to end, but by griefing them this way they will never be able to withdraw those funds.
The user may have approved the attacker only a small amount, but it is under the attacker's control to do this as many times as they want by using smaller share inputs.
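To make the behaviour described above concrete, here is a Python model of the cooldown bookkeeping (an added example, not code from the Ethena contracts): cooldownEnd is reset to now plus the full duration on every cooldownShares call, so an approved spender holding a small allowance can keep pushing the owner's unlock time forward, while the owner_only flag is an assumed hardening that refuses third-party calls, shown for comparison. The 90-day duration, account names and amounts are constructed for the model.

```python
from dataclasses import dataclass, field

DAY = 24 * 3600
COOLDOWN_DURATION = 90 * DAY  # assumed value for this model, not taken from the contract

@dataclass
class CooldownVault:
    shares: dict = field(default_factory=dict)     # owner -> shares (redeem 1:1 to assets here)
    allowance: dict = field(default_factory=dict)  # (owner, spender) -> shares
    cooldowns: dict = field(default_factory=dict)  # owner -> {"end": ts, "amount": assets}
    owner_only: bool = False  # assumed hardening: only the owner may start/extend a cooldown

    def approve(self, owner, spender, amount):
        self.allowance[(owner, spender)] = amount

    def cooldown_shares(self, caller, owner, shares, now):
        if self.owner_only and caller != owner:
            raise PermissionError("only the owner may start or extend their own cooldown")
        if shares > self.shares.get(owner, 0):
            raise ValueError("excessive redeem amount")
        if caller != owner:  # spender path: the owner's allowance is consumed
            left = self.allowance.get((owner, caller), 0)
            if left < shares:
                raise PermissionError("insufficient allowance")
            self.allowance[(owner, caller)] = left - shares
        cd = self.cooldowns.setdefault(owner, {"end": 0, "amount": 0})
        cd["end"] = now + COOLDOWN_DURATION  # reset on every call, whatever the amount
        cd["amount"] += shares
        self.shares[owner] -= shares

    def can_unstake(self, owner, now):
        cd = self.cooldowns.get(owner)
        return cd is not None and cd["amount"] > 0 and now >= cd["end"]

def simulate(owner_only, spender_calls=5):
    """Victim cools down 500 shares; a spender with a 10-share allowance calls a day before each end."""
    v = CooldownVault(owner_only=owner_only)
    v.shares["victim"] = 1_000
    v.approve("victim", "spender", 10)
    v.cooldown_shares("victim", "victim", 500, now=0)
    original_end = v.cooldowns["victim"]["end"]
    rejected = 0
    for _ in range(spender_calls):
        try:
            v.cooldown_shares("spender", "victim", 1, now=v.cooldowns["victim"]["end"] - DAY)
        except PermissionError:
            rejected += 1
    end = v.cooldowns["victim"]["end"]
    return {"original_end": original_end, "final_end": end, "days_added": (end - original_end) // DAY,
            "rejected_calls": rejected, "unstakeable_at_original_end": v.can_unstake("victim", original_end)}
```

With the default settings, five one-share calls push the victim's unlock time out by 445 days while consuming only 5 of the 10 approved shares; with owner_only enabled every spender call is rejected and the original end stands.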
Assessed type
DoS