Closed c4-bot-9 closed 5 months ago
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as duplicate of #198
The hint system has been in place to circumvent the described issue.
hansfriese marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2024-03-dittoeth/blob/91faf46078bb6fe8ce9f55bcb717e5d2d302d22e/contracts/libraries/LibOrders.sol#L430-L462 https://github.com/code-423n4/2024-03-dittoeth/blob/91faf46078bb6fe8ce9f55bcb717e5d2d302d22e/contracts/libraries/LibOrders.sol#L448-L449
Vulnerability details
Description
getOrderId
function is responsible for finding the correct position to insert an order in the orderbook when an invalid hint is provided. It takes the following inputs:orders
: The mapping representing the orderbook.asset
: The address of the asset being traded.direction
: The direction to search (C.PREV for previous, C.NEXT for next).hintId
: The ID of the hint to start the search from._newPrice
: The price of the order being inserted.orderType
: The type of the order being inserted.LibOrders.sol#getOrderId
The function iterates through the order list, starting from the provided
hintId
, and compares the prices using theverifyId
function. It continues searching in the specified direction (C.PREV
for previous,C.NEXT
for next) until it finds the correct position for the order.Vulnerability Details
When a large number of orders with invalid hints are submitted to the system. Since the
getOrderId
function falls back to a full search when an invalid hint is provided, it can lead to significant gas consumption and slow down the order insertion process.The line responsible for the vulnerability is the while (true) loop in the
getOrderId
function, which allows for unbounded iteration.When a large number of orders with invalid hints are submitted, the
getOrderId
function is triggered repeatedly, leading to excessive iteration and gas consumption. The function continues to iterate through the order list, searching for the correct position, even if the hint is far off or the order list is extensive.Impact
The excessive gas consumption caused by orders with invalid hints can slow down or even halt the order insertion process, leading to a denial-of-service situation. This can prevent legitimate orders from being processed in a timely manner.
Proof of Concept
Scenario:
getOrderId
function for each order with an invalid hint.getOrderId
function iterates through the order list without any limit, consuming a significant amount of gas.Recommended Mitigation Steps
getOrderId
function.getOrderId
function to prevent excessive gas consumption.getOrderId
function.Assessed type
DoS