The _removeHooks function processes an array of hooks without considering the potential for a hook to consume an excessive amount of gas, which could be used as a griefing vector.
    function _removeHooks(
        Hook[] calldata hooks,
        Item[] calldata rentalItems,
        address rentalWallet
    ) internal {
        // Loop through each hook in the payload.
        for (uint256 i = 0; i < hooks.length; ++i) {
            // Call the hook with data about the rented item. `target` is the hook
            // address taken from hooks[i] in the elided part of the loop body; note
            // that the external call forwards gas without any explicit cap.
            try IHook(target).onStop(...) { ... }
            catch { ... }
        }
    }
Impact
A maliciously designed hook could intentionally consume a large amount of gas, causing the transaction to fail due to out-of-gas errors. This could prevent legitimate stops from being processed.
The contract does not limit the gas that can be used by each hook, nor does it have a fallback mechanism if a hook consumes too much gas. This could be exploited by an attacker to disrupt the normal operation of the contract through gas griefing.
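One way to bound what a single hook can consume, written here as an added illustration rather than the project's own code. The struct layouts, the simplified onStop signature, the gas constants and the choice to record a failed hook instead of reverting are all assumptions:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed, simplified shapes; not the project's own types.
struct Hook { address target; uint256 itemIndex; bytes extraData; }
struct Item { address token; uint256 identifier; uint256 amount; }

interface IHook {
    function onStop(address rentalWallet, Item calldata item, bytes calldata extraData) external;
}

contract BoundedHookRunner {
    // Gas forwarded to each hook (assumed budget). A hook that needs more fails in isolation.
    uint256 public constant HOOK_GAS_LIMIT = 200_000;
    // Gas the caller keeps so the catch branch, the remaining hooks and the rest of the
    // stop can still complete after the most expensive hook (assumed value).
    uint256 public constant GAS_RESERVE = 50_000;

    event HookFailed(address indexed target, uint256 itemIndex, bytes revertData);

    function _removeHooks(Hook[] calldata hooks, Item[] calldata rentalItems, address rentalWallet) internal {
        for (uint256 i = 0; i < hooks.length; ++i) {
            address target = hooks[i].target;
            Item calldata item = rentalItems[hooks[i].itemIndex];

            // EIP-150 lets a call forward at most 63/64 of the remaining gas, so check the
            // budget up front instead of discovering the shortfall inside the callee.
            require(gasleft() >= HOOK_GAS_LIMIT + GAS_RESERVE, "insufficient gas for hook");

            // The explicit gas cap is the fix: a hook can burn at most HOOK_GAS_LIMIT,
            // so a gas-hungry hook can no longer push the whole transaction out of gas.
            try IHook(target).onStop{gas: HOOK_GAS_LIMIT}(rentalWallet, item, hooks[i].extraData) {
                // Hook completed within its budget.
            } catch (bytes memory revertData) {
                // An out-of-gas inside the hook lands here with empty revertData. Whether to
                // revert or merely record the failure is a policy choice; recording it means
                // one misbehaving hook cannot block the stop for the other items.
                emit HookFailed(target, hooks[i].itemIndex, revertData);
            }
        }
    }
}
```

The reserve has to cover the catch branch and everything the stop still does after the loop, so it should be sized against the real post-hook code path rather than guessed.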
Lines of code
https://github.com/re-nft/smart-contracts/blob/3ddd32455a849c3c6dc3c3aad7a33a6c9b44c291/src/policies/Stop.sol#L194
Assessed type
Other