Anyone can increase (grief) a user's unlock time repeatedly by locking dust amounts on their behalf.
Proof of Concept
The lockOnBehalf function exists to lock tokens on behalf of another user. Calling it with a valid user as the recipient pushes that user's unlock time out by their full lock duration, and there is no minimum threshold for the locked amount (_quantity).
This can be used against a user by locking a dust amount of tokens on behalf of the victim. Because no minimum locking amount is enforced, a dust lock is enough to prolong the victim's unlock time, so the user cannot unlock their funds when intended. Repeating this keeps the user's funds locked for a very long time, and because gas on the Blast chain is cheap, this griefing can be carried out at very low cost.
Tools Used
Manual review
Recommended Mitigation Steps
Two mitigations are possible:
Implement a minimum locking amount check. (Does not mitigate the issue completely.)
Add functionality allowing a user to enable or disable "on behalf of" locking on their position.
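As an added example (not the Munchables code), the following minimal Solidity model shows the weak shape of the function described above beside a hardened variant that applies both mitigations, with the opt-in flag doing the real work and the minimum amount as a secondary floor. The contract and all names in it (LockModel, acceptsLockOnBehalf, MIN_LOCK_QUANTITY) are assumptions, and the token transfer is omitted to keep the lock bookkeeping in focus.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical model of a lock manager; not the project's LockManager.sol.
contract LockModel {
    struct Lock { uint256 quantity; uint256 unlockTime; uint256 lockDuration; }

    mapping(address => Lock) public locks;
    // Mitigation 1: floor on the amount a third party may lock (value chosen for illustration).
    uint256 public constant MIN_LOCK_QUANTITY = 1 ether;
    // Mitigation 2: the holder must opt in before anyone may lock on their behalf.
    mapping(address => bool) public acceptsLockOnBehalf;

    event Locked(address indexed user, address indexed payer, uint256 quantity, uint256 unlockTime);

    function setLockDuration(uint256 duration) external {
        locks[msg.sender].lockDuration = duration;
    }

    function setAcceptsLockOnBehalf(bool enabled) external {
        acceptsLockOnBehalf[msg.sender] = enabled;
    }

    // Weak shape from the finding: any caller, any quantity (dust included), and the
    // recipient's unlock time is pushed out by a full lockDuration on every call.
    function lockOnBehalfUnchecked(address onBehalfOf, uint256 quantity) external {
        _lock(onBehalfOf, quantity);
    }

    // Hardened variant: third-party locks require the recipient's opt-in and a
    // minimum quantity; a user locking for themselves is unaffected.
    function lockOnBehalf(address onBehalfOf, uint256 quantity) external {
        if (onBehalfOf != msg.sender) {
            require(acceptsLockOnBehalf[onBehalfOf], "recipient has not opted in");
            require(quantity >= MIN_LOCK_QUANTITY, "quantity below minimum");
        }
        _lock(onBehalfOf, quantity);
    }

    // Shared bookkeeping: adds the quantity and resets the unlock time to
    // now + lockDuration, which is the extension the finding relies on.
    function _lock(address user, uint256 quantity) internal {
        Lock storage l = locks[user];
        require(l.lockDuration > 0, "no lock duration set");
        l.quantity += quantity;
        l.unlockTime = block.timestamp + l.lockDuration;
        emit Locked(user, msg.sender, quantity, l.unlockTime);
    }
}
```

With the hardened variant, a dust lock from an unrelated address reverts at the opt-in check, so the recipient's unlockTime can only be extended by callers they have explicitly allowed.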
Lines of code
https://github.com/code-423n4/2024-05-munchables/blob/main/src/managers/LockManager.sol#L382