The liquidity_lockbox contract does not enforce a minimum deposit limit. This allows a user to open many positions with minimum liquidity, forcing other users to close these positions one by one in order to withdraw. This could lead to a griefing attack where the transaction cost accounts for a large portion of the withdrawn amount.
While transactions on Solana are cheap and it is difficult to assess the cost of a withdrawal as the external call on line fails, an accumulation of small deposits as portrayed will in any case disrupt contract operations by making substantial fund withdrawals labor-intensive.
The root cause of this issue is the lack of a minimum deposit threshold in the deposit() function in lockbox-solana/solidity/liquidity_lockbox.sol.
Proof of Concept
Consider the following scenario:
Alice, a malicious user, opens a large number of positions with minimum liquidity in the liquidity_lockbox contract.
Bob, a regular user, wants to withdraw his funds. However, he is forced to close Alice's positions one by one due to the lack of a minimum deposit threshold.
The transaction cost for Bob becomes a significant portion of the withdrawn amount, making the withdrawal of funds inefficient and costly.
Tools Used
Manual review
Recommended Mitigation Steps
To mitigate this issue, a minimum deposit threshold should be implemented in the deposit() function. This would prevent users from opening positions with minimum liquidity and protect other users from potential griefing attacks. The threshold should be carefully chosen to balance the need for user flexibility and the protection against potential attacks. Additionally, consider implementing a mechanism to batch close positions to further protect against such scenarios.
Lines of code
https://github.com/code-423n4/2023-12-autonolas/blob/main/lockbox-solana/solidity/liquidity_lockbox.sol#L140-L190
Vulnerability details
Impact
The
liquidity_lockbox
contract does not enforce a minimum deposit limit. This allows a user to open many positions with minimum liquidity, forcing other users to close these positions one by one in order to withdraw. This could lead to a griefing attack where the transaction cost accounts for a large portion of the withdrawn amount.While transactions on Solana are cheap and it is difficult to assess the cost of a withdrawal as the external call on line fails, an accumulation of small deposits as portrayed will in any case disrupt contract operations by making substantial fund withdrawals labor-intensive.
The root cause of this issue is the lack of a minimum deposit threshold in the
deposit()
function inlockbox-solana/solidity/liquidity_lockbox.sol
.Proof of Concept
Consider the following scenario:
liquidity_lockbox
contract.Tools Used
Manual review
Recommended Mitigation Steps
To mitigate this issue, a minimum deposit threshold should be implemented in the
deposit()
function. This would prevent users from opening positions with minimum liquidity and protect other users from potential griefing attacks. The threshold should be carefully chosen to balance the need for user flexibility and the protection against potential attacks. Additionally, consider implementing a mechanism to batch close positions to further protect against such scenarios.Assessed type
Other