Closed c4-bot-10 closed 7 months ago
bytes032 marked the issue as sufficient quality report
bytes032 marked the issue as primary issue
tserg (sponsor) confirmed
tserg marked the issue as disagree with severity
The likelihood of hitting the recursion limit is low given that the recursion limit is unclear and with reference to Liquity, which has had 878 stability pool liquidations since its inception, and Opus will likely have less because of searcher liquidations.
The Warden has outlined a way in which the code may come close to the recursion limit of the Cairo language due to an asset having no absorption errors to carry over.
I believe that the likelihood of such an instance is very low as it assumes that the arithmetic calculations have all been carried out perfectly and that the absorption ID has become so high that the recursion limit can be breached.
A risk level of QA (NC) is better suited for this particular case, and there are many ways this particular issue can be mitigated.
alex-ppg marked the issue as unsatisfactory: Overinflated severity
Lines of code
https://github.com/code-423n4/2024-01-opus/blob/4720e9481a4fb20f4ab4140f9cc391a23ede3817/src/core/absorber.cairo#L745
Vulnerability details
Vulnerability details
In
update_absorbed_asset()
it will useget_recent_asset_absorption_error()
to get the most recentlast_error
.get_recent_asset_absorption_error()
internally is a recursive call to the nextabsorption
. Example: absorption_id = 1000get_recent_asset_absorption_error(1000) -> get_recent_asset_absorption_error(999) .....get_recent_asset_absorption_error(0)
Normally, it will not recursively call to
absorption_id=0
, because in most casesabsorption.asset_amt_per_share
orabsorption.error
will have values.But there is one exception: for the newly added
yang
, the oldabsorption
'sasset_amt_per_share/error
will both be 0, causing it to recurse from 1000 to 0.get_recent_asset_absorption_error(1000) -> .....get_recent_asset_absorption_error(0)
Most languages have a
recursion limit
.Python's default is 1000, I'm not sure what
cairo
's is.I tried testing to 15000 and it gave an error.
Proof of Concept
Impact
Exceeding the recursion limit causes an error, or generates a large GAS.
Recommended Mitigation
get_recent_asset_absorption_error ()
add max recursionAssessed type
Error