code-423n4 / 2024-01-opus-findings


Denial of Service (DoS) attack in the loop. #198

Closed c4-bot-7 closed 9 months ago

c4-bot-7 commented 10 months ago

Lines of code

https://github.com/code-423n4/2024-01-opus/blob/4720e9481a4fb20f4ab4140f9cc391a23ede3817/src/core/abbot.cairo#L108

Vulnerability details

Proof of Concept

```cairo
// Unbounded loop: one storage read per trove the user owns, with no upper limit.
fn get_user_trove_ids(self: @ContractState, user: ContractAddress) -> Span<u64> {
    let mut trove_ids: Array<u64> = ArrayTrait::new();
    let user_troves_count: u64 = self.user_troves_count.read(user);
    let mut idx: u64 = 0;

    loop {
        if idx == user_troves_count {
            break trove_ids.span();
        }
        trove_ids.append(self.user_troves.read((user, idx)));
        idx += 1;
    }
}
```


This loop iterates through user_troves to collect trove IDs associated with a particular user. The potential for a DoS attack arises if user_troves_count is very large, causing the loop to execute a large number of iterations. Each iteration involves reading from storage and appending to trove_ids.

If an attacker can manipulate the contract state such that user_troves_count for a specific user is excessively large, they could force the loop to consume a significant amount of gas, potentially leading to out-of-gas errors or significantly delaying the execution of this function.

Recommended Mitigation Steps

To mitigate this potential DoS vulnerability, you should consider:

  1. Limiting the maximum allowed size of user_troves_count or user_troves to prevent excessive gas consumption.
  2. Implementing gas limits and other resource constraints to prevent abusive behavior.
  3. Optimizing the storage layout and data structures to reduce gas consumption and improve efficiency.
  4. Thoroughly testing the contract with various inputs, including extreme cases, to ensure robustness against DoS attacks.

By implementing these measures, you can help protect the contract against potential DoS attacks.

Assessed type

DoS
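As an added example (not code from the Opus repository and not part of the warden's report), the paginated variant the judge alludes to, written in the same Cairo style as the snippet above. The function name `get_user_trove_ids_paginated` and the `start` / `limit` parameters are assumptions for illustration; the function is assumed to sit in the same contract impl block as `get_user_trove_ids`, with the same `user_troves_count` and `user_troves` storage. Whatever the size of a user's trove list, a single call performs at most `limit` storage reads, so a caller can walk the whole list in bounded steps instead of one unbounded loop.

```cairo
use starknet::ContractAddress;

// Added example, not Opus code: a bounded-page version of `get_user_trove_ids`.
// `start` is the index of the first trove ID to return and `limit` the maximum
// number of IDs per call. The loop therefore runs at most `limit` iterations
// regardless of how many troves the user has accumulated; callers advance
// `start` by the length of each returned span until an empty span comes back.
fn get_user_trove_ids_paginated(
    self: @ContractState, user: ContractAddress, start: u64, limit: u64
) -> Span<u64> {
    let mut trove_ids: Array<u64> = ArrayTrait::new();
    let user_troves_count: u64 = self.user_troves_count.read(user);

    // A page starting at or past the end is empty; this also keeps the
    // subtraction below from underflowing.
    if start >= user_troves_count {
        return trove_ids.span();
    }

    // Clamp the page to the stored range. u64 arithmetic panics on overflow
    // in Cairo, so compare against the remaining count instead of computing
    // `start + limit` first.
    let remaining: u64 = user_troves_count - start;
    let end: u64 = if limit >= remaining {
        user_troves_count
    } else {
        start + limit
    };

    let mut idx: u64 = start;
    loop {
        if idx == end {
            break trove_ids.span();
        }
        trove_ids.append(self.user_troves.read((user, idx)));
        idx += 1;
    }
}
```

A caller that wants the full list issues `get_user_trove_ids_paginated(user, 0, N)`, then `(user, N, N)`, and so on, stopping at the first empty span. If the contract should also protect callers from themselves, `limit` can additionally be clamped to a constant maximum inside the function; the original unbounded getter can remain for users with small trove counts, since, as the judge notes, no state-changing path in the system depends on it.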

c4-pre-sort commented 9 months ago

bytes032 marked the issue as insufficient quality report

alex-ppg commented 9 months ago

The Warden specifies how a DoS attack can naturally occur as the troves of a user expand to a significant size. The referenced function is not utilized in any sensitive functions in the system and is a function meant to be externally invoked. While pagination can be introduced, this is more of a QA (NC) recommendation rather than an HM vulnerability.

c4-judge commented 9 months ago

alex-ppg changed the severity to QA (Quality Assurance)

c4-judge commented 9 months ago

alex-ppg marked the issue as grade-c