Closed c4-submissions closed 10 months ago
Lines of code
https://github.com/code-423n4/2023-10-wildcat/blob/c5df665f0bc2ca5df6f06938d66494b11e7bdada/src/market/WildcatMarketConfig.sol#L171-L194
Vulnerability details
Impact
A griefing attack by lenders can happen at setReserveRatioBips.
Proof of Concept
Here is how liquidity works:
    function liquidityRequired(
      MarketState memory state
    ) internal pure returns (uint256 _liquidityRequired) {
      uint256 scaledWithdrawals = state.scaledPendingWithdrawals;
      uint256 scaledRequiredReserves = (state.scaledTotalSupply - scaledWithdrawals).bipMul(
        state.reserveRatioBips
      ) + scaledWithdrawals;
      return
        state.normalizeAmount(scaledRequiredReserves) +
        state.accruedProtocolFees +
        state.normalizedUnclaimedWithdrawals;
    }
By front-running, lenders call queueWithdrawal with a certain amount while the controller tries to setReserveRatioBips. The transaction will revert.
Tools Used
manual view
Recommended Mitigation Steps
Add a pause function, then pause when the protocol call is being executed.
Assessed type
DoS
minhquanym marked the issue as low quality report
Insufficient proof
MarioPoneder marked the issue as unsatisfactory: Insufficient proof
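A worked integer model of the `liquidityRequired` calculation quoted in the report, added here as an illustration; it is not code from the report or from the Wildcat repository. The rounding used in `bip_mul` and `ray_mul`, the 1e27 unit of the scale factor, the `headroom` helper with its `total_assets` input, and all sample numbers are assumptions constructed for the example.

```python
from dataclasses import dataclass, replace
from typing import Optional

BIP = 10_000   # 100% expressed in basis points
RAY = 10**27   # assumed fixed-point unit of the scale factor

def bip_mul(a: int, bips: int) -> int:
    # Assumed behaviour of bipMul: a * bips / 10000, rounded half up.
    return (a * bips + BIP // 2) // BIP

def ray_mul(a: int, b: int) -> int:
    # Assumed behaviour behind normalizeAmount: a * b / 1e27, rounded half up.
    return (a * b + RAY // 2) // RAY

@dataclass(frozen=True)
class MarketState:
    scaled_total_supply: int
    scaled_pending_withdrawals: int
    reserve_ratio_bips: int
    scale_factor: int = RAY
    accrued_protocol_fees: int = 0
    normalized_unclaimed_withdrawals: int = 0

def liquidity_required(s: MarketState) -> int:
    # Pending withdrawals are reserved in full; the remaining supply is
    # reserved only at reserve_ratio_bips (same shape as the quoted function).
    w = s.scaled_pending_withdrawals
    scaled_required = bip_mul(s.scaled_total_supply - w, s.reserve_ratio_bips) + w
    return (ray_mul(scaled_required, s.scale_factor)
            + s.accrued_protocol_fees
            + s.normalized_unclaimed_withdrawals)

def headroom(s: MarketState, total_assets: int,
             new_ratio_bips: Optional[int] = None) -> int:
    # Hypothetical monitoring helper: assets held minus liquidity required,
    # optionally evaluated at a proposed reserve ratio. Negative = shortfall.
    if new_ratio_bips is not None:
        if not 0 <= new_ratio_bips <= BIP:
            raise ValueError("reserve ratio must be within 0..10000 bips")
        s = replace(s, reserve_ratio_bips=new_ratio_bips)
    return total_assets - liquidity_required(s)

# Constructed sample: 1,000,000 scaled units, 20% reserve ratio, scale factor 1.05.
BASE = MarketState(1_000_000, 0, 2_000, scale_factor=105 * RAY // 100)
PENDING = replace(BASE, scaled_pending_withdrawals=100_000)

if __name__ == "__main__":
    for name, st in (("no pending", BASE), ("100k pending", PENDING)):
        print(name, liquidity_required(st), headroom(st, 300_000), headroom(st, 300_000, 3_000))
```

In this model, each scaled unit moved into pending withdrawals raises the scaled reserve requirement by (1 - reserveRatioBips/10000) units, which is the margin to check before a reserve ratio change.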