code-423n4 / 2023-11-canto-findings


`createNewShare` is vulnerable to DoS griefing #111

Open c4-submissions opened 1 year ago

c4-submissions commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-11-canto/blob/335930cd53cf9a137504a57f1215be52c6d67cb3/1155tech-contracts/src/Market.sol#L120

Vulnerability details

Impact

The current implementation may prevent users from creating new shares, leading to frustration and potentially harming the app's reputation.

Vulnerability Details

When creating a new share via Market.createNewShare, there is a check to ensure that the shareName is unique: Market.sol#L120

```solidity
function createNewShare(
    string memory _shareName,
    address _bondingCurve,
    string memory _metadataURI
) external onlyShareCreator returns (uint256 id) {
    ...
    require(shareIDs[_shareName] == 0, "Share already exists");
    ...
}
```

A malicious party could observe the mempool and frontrun createNewShare transactions, causing them to revert. This effectively blocks the user from registering new shares in the app.

While this issue wouldn't be a problem initially as creators are whitelisted, this could be problematic as the app opens to the public.

Proof of Concept

Recommended Mitigation Steps

Reconsider the necessity of unique shareName values. If on-chain uniqueness is important, implement strategies to counteract frontrunning, such as imposing a small fee or employing a commit-reveal process during share creation.

Assessed type

DoS
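The commit-reveal process named in the mitigation above, as an added example that is not part of the original report or of the Canto contracts. The contract name, `commit`, `commitmentFor`, `committedAt`, `shareCount`, `MIN_DELAY` and `MAX_AGE` are assumptions, and the whitelist modifier and bonding-curve parameters of the real function are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration of a commit-reveal share registry; not the Canto Market contract.
// All names and constants other than shareIDs/createNewShare are hypothetical.
contract CommitRevealShares {
    uint256 public constant MIN_DELAY = 2;    // blocks a commitment must age before reveal
    uint256 public constant MAX_AGE = 7200;   // blocks after which a commitment expires

    uint256 public shareCount;
    mapping(string => uint256) public shareIDs;      // same uniqueness map as in the report
    mapping(bytes32 => uint256) public committedAt;  // commitment hash => block number

    // The hash binds the name to the future creator, so copying it from the
    // mempool gives an observer nothing: only `creator` can reveal against it.
    function commitmentFor(address creator, string memory shareName, bytes32 salt)
        public pure returns (bytes32)
    {
        return keccak256(abi.encode(creator, shareName, salt));
    }

    // Step 1: publish only the hash. Re-committing a live hash is a no-op rather
    // than a revert, so a copied commitment cannot block the honest one.
    function commit(bytes32 commitment) external {
        uint256 at = committedAt[commitment];
        if (at == 0 || block.number > at + MAX_AGE) {
            committedAt[commitment] = block.number;
        }
    }

    // Step 2: reveal name and salt. A transaction that copies the revealed name
    // has no aged commitment for its own sender and fails the checks below.
    function createNewShare(string memory shareName, bytes32 salt) external returns (uint256 id) {
        bytes32 commitment = commitmentFor(msg.sender, shareName, salt);
        uint256 at = committedAt[commitment];
        require(at != 0, "No commitment");
        require(block.number >= at + MIN_DELAY, "Commitment too new");
        require(block.number <= at + MAX_AGE, "Commitment expired");
        require(shareIDs[shareName] == 0, "Share already exists");
        delete committedAt[commitment];
        id = ++shareCount;
        shareIDs[shareName] = id;
    }
}
```

The salt must be random and kept off-chain until the reveal. The delay only removes the mempool-reaction path; a party that commits to the same name earlier, without seeing the transaction, still wins the uniqueness check.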

c4-pre-sort commented 1 year ago

minhquanym marked the issue as duplicate of #124

c4-judge commented 1 year ago

MarioPoneder changed the severity to QA (Quality Assurance)

c4-judge commented 12 months ago

MarioPoneder marked the issue as grade-b