code-423n4 / 2024-04-dyad-findings


Malicious Actors can Freeze User Withdrawals #135

Closed c4-bot-10 closed 5 months ago

c4-bot-10 commented 5 months ago

Lines of code

https://github.com/code-423n4/2024-04-dyad/blob/main/src/core/VaultManagerV2.sol#L119-L153

https://github.com/code-423n4/2024-04-dyad/blob/main/src/core/VaultManagerV2.sol#L184-L202

Vulnerability details

Impact

Malicious actors can prevent users from calling the withdraw and redeemDyad functions by frontrunning their transactions with a nominal deposit to their vault.

Proof of Concept

The deposit function in VaultManagerV2 is publicly available, and can be used to prevent users from withdrawing funds from their DNft. This is accomplished by front-running a user's withdraw transaction and depositing 1 wei of collateral into any of the user's vaults. This will trigger the flashloan protection condition in the withdraw function:

if (idToBlockOfLastDeposit[id] == block.number) revert DepositedInSameBlock();

This results in a denial of service attack where users are prevented from withdrawing their funds for as long as the attacker wants.

This attack also extends to the redeemDyad function, as it calls the withdraw function after burning dyad from the user's wallet. This makes it so the user is unable to withdraw their collateral, and unable to redeem their Dyad.

Tools Used

Manual Review

Recommended Mitigation Steps

The deposit function should restrict who can deposit funds into a user's vault considering it is responsible for a couple of similar issues.

Assessed type

DoS
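
A minimal Solidity model of the same-block guard and of the recommended deposit restriction, added here as an example; it is not code from VaultManagerV2 or from the report's author. The contract names, `mint`, and the single ETH balance per id are assumptions made for illustration; only `idToBlockOfLastDeposit` and `DepositedInSameBlock` are taken from the line quoted in the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

error DepositedInSameBlock();
error NotOwner();

// Simplified model: one ETH balance per note id stands in for the vaults.
abstract contract GuardBase {
    mapping(uint256 => address) public ownerOf;    // stand-in for DNft ownership
    mapping(uint256 => uint256) public collateral; // note id => deposited wei
    mapping(uint256 => uint256) public idToBlockOfLastDeposit;

    function mint(uint256 id) external {
        require(ownerOf[id] == address(0), "id taken");
        ownerOf[id] = msg.sender;
    }

    // Every deposit moves the block marker that withdraw() checks.
    function _deposit(uint256 id) internal {
        idToBlockOfLastDeposit[id] = block.number;
        collateral[id] += msg.value;
    }

    function withdraw(uint256 id, uint256 amount, address payable to) external {
        if (ownerOf[id] != msg.sender) revert NotOwner();
        // Flash-loan protection: no withdrawal in the block of the last deposit.
        if (idToBlockOfLastDeposit[id] == block.number) revert DepositedInSameBlock();
        collateral[id] -= amount; // state change before the external call
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }
}

// Pattern described in the report: any address can deposit to any id,
// so any address can set the marker that blocks the owner's withdrawal.
contract OpenDeposit is GuardBase {
    function deposit(uint256 id) external payable {
        _deposit(id);
    }
}

// Restriction in the spirit of the recommendation: only the owner can
// deposit, so only the owner can move the marker for their own id.
contract OwnerOnlyDeposit is GuardBase {
    function deposit(uint256 id) external payable {
        if (ownerOf[id] != msg.sender) revert NotOwner();
        _deposit(id);
    }
}
```

In `OpenDeposit`, a deposit from any address in block N makes the owner's `withdraw` in block N revert with `DepositedInSameBlock`; in `OwnerOnlyDeposit` the same third-party deposit reverts with `NotOwner` and the marker stays unchanged.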

c4-pre-sort commented 5 months ago

JustDravee marked the issue as duplicate of #489

c4-pre-sort commented 5 months ago

JustDravee marked the issue as sufficient quality report

c4-judge commented 5 months ago

koolexcrypto marked the issue as unsatisfactory: Invalid

c4-judge commented 5 months ago

koolexcrypto marked the issue as unsatisfactory: Invalid

c4-judge commented 5 months ago

koolexcrypto marked the issue as nullified

c4-judge commented 5 months ago

koolexcrypto marked the issue as not nullified

c4-judge commented 5 months ago

koolexcrypto marked the issue as duplicate of #1001

c4-judge commented 5 months ago

koolexcrypto marked the issue as satisfactory