code-423n4 / 2023-10-ethena-findings


It's possible to grief user's cooldownEnd #735

Open c4-submissions opened 11 months ago

c4-submissions commented 11 months ago

Lines of code

https://github.com/code-423n4/2023-10-ethena/blob/main/contracts/StakedUSDeV2.sol#L111

Vulnerability details

When a user approves someone to spend his funds on , the approved user can withdraw his amount by calling the cooldownShares function. This function would add a cooldown duration to the cooldownEnd of the user. It's possible to add as much cooldown duration to someone's cooldownEnd as you want, as long as you can keep calling the cooldownShares function with the parameters set as: owner: the user you want to grief, and shares: the amount that you would waste on griefing the user.

It does not matter how much money you want to waste; the same cooldownshare would get added every time. So it's possible to add a very small number of shares for the attacker so he won't lose a lot of funds.

The function would then check the approval in the _withdraw internal function.

The user himself may have had some funds locked and waiting for the cooldown to end, but by griefing him he will never be able to withdraw funds.

The user may have approved the attacker a little money, but it's in the attacker's control to do this as many times as he wants by using smaller input shares.

Assessed type

DoS
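A simplified model of the cooldown accounting as the report above describes it, added here as an illustration; it is not code from the Ethena repository or from the submission. The class, the names and the rule that each call restarts the owner's timer are assumptions drawn from the post's description. It goes slightly beyond the post by tracking the allowance, so the number of restarts a spender can cause is visible alongside the owner's remedy of approving nothing.

```python
class CooldownVault:
    """Toy model of the accounting described in the post (not StakedUSDeV2 itself)."""
    def __init__(self, cooldown_duration):
        self.cooldown_duration = cooldown_duration
        self.now = 0              # simulated block timestamp
        self.shares = {}          # owner -> staked shares
        self.allowance = {}       # (owner, spender) -> shares spender may move
        self.cooling = {}         # owner -> amount waiting in cooldown
        self.cooldown_end = {}    # owner -> timestamp when unstake opens

    def deposit(self, owner, amount):
        self.shares[owner] = self.shares.get(owner, 0) + amount

    def approve(self, owner, spender, amount):
        self.allowance[(owner, spender)] = amount

    def cooldown_shares(self, caller, shares, owner):
        # Assumption: zero or oversized amounts are rejected.
        if shares <= 0 or shares > self.shares.get(owner, 0):
            raise ValueError("invalid share amount")
        if caller != owner:       # allowance check, as in the post's _withdraw step
            left = self.allowance.get((owner, caller), 0)
            if shares > left:
                raise PermissionError("insufficient allowance")
            self.allowance[(owner, caller)] = left - shares
        self.shares[owner] -= shares
        self.cooling[owner] = self.cooling.get(owner, 0) + shares
        # Assumption: every call restarts the timer for the owner's whole balance.
        self.cooldown_end[owner] = self.now + self.cooldown_duration

    def can_unstake(self, owner):
        return self.cooling.get(owner, 0) > 0 and self.now >= self.cooldown_end[owner]

def count_resets(approved, step=1, duration=90):
    """Constructed scenario: owner starts a cooldown, spender restarts it while allowance lasts."""
    v = CooldownVault(duration)
    v.deposit("owner", 1000)
    v.cooldown_shares("owner", 500, "owner")
    v.approve("owner", "spender", approved)
    resets = 0
    while True:
        v.now += duration - 1     # just before the owner's cooldown would end
        try:
            v.cooldown_shares("spender", step, "owner")
        except PermissionError:
            break
        resets += 1
    v.now += 1                    # one tick later the last timer expires
    return resets, v.can_unstake("owner"), v.cooling["owner"]
```

In this model the restarts stop once the approved shares are used up, and an owner who approves nothing (or revokes the approval) sees no restarts at all.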

c4-pre-sort commented 11 months ago

raymondfam marked the issue as sufficient quality report

c4-pre-sort commented 11 months ago

raymondfam marked the issue as duplicate of #4

c4-pre-sort commented 11 months ago

raymondfam marked the issue as duplicate of #514

c4-judge commented 11 months ago

fatherGoose1 marked the issue as unsatisfactory: Invalid

c4-judge commented 11 months ago

fatherGoose1 changed the severity to QA (Quality Assurance)

c4-judge commented 10 months ago

fatherGoose1 marked the issue as grade-b