Lines of code
https://github.com/code-423n4/2024-05-munchables/blob/57dff486c3cd905f21b330c2157fe23da2a4807d/src/managers/LockManager.sol#L382-L384
Vulnerability details
Impact
Any user can increase the lock time of an account on a token specific basis by locking a small amount of that token.
Proof of Concept
Tokens can either be locked with lock or with lockOnBehalf, which allows an account to lock tokens on behalf of any account; both call the private _lock function. Unlock time is tracked per token per account, and locking any amount of tokens for an account will increase that account's unlockTime.
In the _lock function, used by lock and lockOnBehalf:
https://github.com/code-423n4/2024-05-munchables/blob/57dff486c3cd905f21b330c2157fe23da2a4807d/src/managers/LockManager.sol#L382-L384
This can be used to push a user's unlock time later than they expect, potentially causing a DoS on unlocking tokens should a malicious user decide to abuse this.
Tools Used
Manual review
Recommended Mitigation Steps
Only allow operators approved by an account to lock on behalf of that account.
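To make the shape of the issue and of the recommended fix concrete, the following is an added, self-contained Solidity model written for this write-up. It is not the Munchables LockManager.sol code and does not reproduce its storage layout or token transfers; the contract name, LOCK_DURATION, the approvedOperator mapping and the function names lockOnBehalfUnchecked and setOperator are assumptions, while lock, lockOnBehalf, _lock and unlockTime mirror the names the finding uses.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed illustration of the pattern described in the finding.
// This is a simplified model, NOT the Munchables LockManager.sol code.
// Assumed names: LockManagerModel, LOCK_DURATION, approvedOperator,
// lockOnBehalfUnchecked, setOperator.
contract LockManagerModel {
    struct LockedToken {
        uint256 quantity;
        uint32 unlockTime;
    }

    // account => token => lock record (unlock time tracked per token per account)
    mapping(address => mapping(address => LockedToken)) public lockedTokens;

    // account => operator => approved. Mitigation state: the account opts in
    // to who may extend its locks.
    mapping(address => mapping(address => bool)) public approvedOperator;

    uint32 public constant LOCK_DURATION = 30 days;

    event Locked(address indexed account, address indexed token, uint256 quantity, uint32 unlockTime);
    event OperatorSet(address indexed account, address indexed operator, bool approved);

    // Vulnerable shape: any caller may lock any amount for any account, and
    // every call pushes that account's unlockTime for the token forward.
    // A 1 wei lock repeated before each unlock window keeps the victim's
    // whole balance locked indefinitely.
    function lockOnBehalfUnchecked(address account, address token, uint256 quantity) external {
        _lock(account, token, quantity);
    }

    // Mitigated shape (the finding's recommendation): only the account itself
    // or an operator that account has approved may extend its lock.
    function lockOnBehalf(address account, address token, uint256 quantity) external {
        require(
            msg.sender == account || approvedOperator[account][msg.sender],
            "not an approved operator for account"
        );
        _lock(account, token, quantity);
    }

    // Self-lock is unaffected by the fix: the caller only ever delays itself.
    function lock(address token, uint256 quantity) external {
        _lock(msg.sender, token, quantity);
    }

    // Accounts grant and revoke operators explicitly; nobody can grant
    // themselves operator rights over another account.
    function setOperator(address operator, bool approved) external {
        approvedOperator[msg.sender][operator] = approved;
        emit OperatorSet(msg.sender, operator, approved);
    }

    // Token transfer omitted; the relevant behaviour is the unlockTime update.
    function _lock(address account, address token, uint256 quantity) private {
        require(quantity > 0, "zero quantity");
        LockedToken storage lt = lockedTokens[account][token];
        lt.quantity += quantity;
        // Any lock, however small, restarts the clock for the entire balance.
        // This is what makes unrestricted lockOnBehalf a delay primitive.
        lt.unlockTime = uint32(block.timestamp) + LOCK_DURATION;
        emit Locked(account, token, quantity, lt.unlockTime);
    }
}
```

The two lockOnBehalf variants share the same _lock body; the only difference is the operator check at the entry point, which is the minimal change the mitigation asks for. When reviewing a fix of this kind, also confirm that the approval can be revoked and that no other external path (for example a migration or rewards helper) reaches _lock with a caller-supplied account.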
Assessed type
DoS