Closed c4-bot-10 closed 5 months ago
JustDravee marked the issue as duplicate of #489
JustDravee marked the issue as sufficient quality report
koolexcrypto marked the issue as unsatisfactory: Invalid
koolexcrypto marked the issue as unsatisfactory: Invalid
koolexcrypto marked the issue as nullified
koolexcrypto marked the issue as not nullified
koolexcrypto marked the issue as duplicate of #1001
koolexcrypto marked the issue as satisfactory
Lines of code
https://github.com/code-423n4/2024-04-dyad/blob/main/src/core/VaultManagerV2.sol#L119-L153 https://github.com/code-423n4/2024-04-dyad/blob/main/src/core/VaultManagerV2.sol#L184-L202
Vulnerability details
Impact
Malicious actors can prevent users from calling the withdraw and redeemDyad functions by frontrunning their transactions with a nominal deposit to their vault.
Proof of Concept
The deposit function in VaultManagerV2 is publicly available, and can be used to prevent users from withdrawing funds from their DNft. This is accomplished by front-running a user's withdraw transaction and depositing 1 wei of collateral into any of the user's vaults. This will trigger the flashloan protection condition in the withdraw function:
This results in a denial of service attack where users are prevented from withdrawing their funds for as long as the attacker wants.
This attack also extends to the redeemDyad function, as it calls the withdraw function after burning dyad from the user's wallet. This makes it so the user is unable with withdraw their collateral, and unable to redeem their Dyad.
Tools Used
Manual Review
Recommended Mitigation Steps
The deposit function should restrict who can deposit funds into a user's vault considering it is responsible for a couple of similar issues.
Assessed type
DoS