code-423n4 / 2024-02-althea-liquid-infrastructure-findings


Blacklisted Address on ERC20 tokens can lead to Denial of Service #707

Closed c4-bot-10 closed 7 months ago

c4-bot-10 commented 7 months ago

Lines of code

https://github.com/code-423n4/2024-02-althea-liquid-infrastructure/blob/main/liquid-infrastructure/contracts/LiquidInfrastructureERC20.sol#L198

Vulnerability details

Description

Some ERC20 tokens, such as USDT and USDC, allow blacklisting certain user addresses from transferring tokens. When a blacklisted address is one of the holders, distribute(uint256 numDistributions) will revert, leading to a denial of service.

Impact

The distribute(uint256 numDistributions) function will lead to a denial of service.

Proof of Concept

Tools Used

Manual Review

Recommended Mitigation Steps

Implement a check for blacklisted address to the distribute(uint256 numDistributions) function.

Assessed type

DoS
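Added example, not part of the original report and not code from LiquidInfrastructureERC20: a push distribution loop that isolates per-holder transfer failures, so one blacklisted recipient defers only its own payout instead of reverting the whole call. The contract name `IsolatedDistributor`, its `unclaimed` mapping and the `claim()` function are hypothetical, and the example assumes the reward token is a deployed contract and that entitlement accounting and access control live elsewhere.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical illustration; names below are not from the audited code base.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract IsolatedDistributor {
    IERC20 public immutable rewardToken;          // may be a token with a blacklist
    mapping(address => uint256) public unclaimed; // payouts that could not be pushed

    event PayoutDeferred(address indexed holder, uint256 amount);

    constructor(IERC20 token) {
        rewardToken = token;
    }

    // Push payouts. A holder whose transfer fails is recorded and skipped,
    // so the loop always reaches the remaining holders.
    // Access control and amount calculation are omitted (assumed elsewhere).
    function distribute(address[] calldata holders, uint256[] calldata amounts) external {
        require(holders.length == amounts.length, "length mismatch");
        for (uint256 i = 0; i < holders.length; i++) {
            if (!_tryTransfer(holders[i], amounts[i])) {
                unclaimed[holders[i]] += amounts[i];
                emit PayoutDeferred(holders[i], amounts[i]);
            }
        }
    }

    // Pull path: a revert here affects only the caller, never other holders.
    function claim() external {
        uint256 amount = unclaimed[msg.sender];
        require(amount > 0, "nothing to claim");
        unclaimed[msg.sender] = 0; // clear before the external call
        require(_tryTransfer(msg.sender, amount), "transfer failed");
    }

    // Low-level call so that a revert (e.g. blacklisted recipient) or a
    // false return value is reported as a bool instead of bubbling up.
    // Tokens that return no data on success (USDT-style) are accepted.
    function _tryTransfer(address to, uint256 amount) private returns (bool) {
        (bool ok, bytes memory ret) = address(rewardToken).call(
            abi.encodeWithSelector(IERC20.transfer.selector, to, amount)
        );
        return ok && (ret.length == 0 || (ret.length >= 32 && abi.decode(ret, (bool))));
    }
}
```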

c4-pre-sort commented 7 months ago

0xRobocop marked the issue as duplicate of #616

c4-pre-sort commented 7 months ago

0xRobocop marked the issue as insufficient quality report

c4-judge commented 6 months ago

0xA5DF changed the severity to QA (Quality Assurance)

c4-judge commented 6 months ago

0xA5DF marked the issue as grade-c

0xA5DF commented 6 months ago

Low quantity