search

code-423n4 / 2024-06-thorchain-validation

1 stars 0 forks source link

Lack of input validation in THORChain_Router:depositWithExpiry() can lead to DoS #222

Closed c4-bot-6 closed 4 months ago

c4-bot-6 commented 4 months ago

Lines of code

https://github.com/code-423n4/2024-06-thorchain/blob/e3fd3c75ff994dce50d6eb66eb290d467bd494f5/chain/ethereum/contracts/THORChain_Router.sol#L131-L160

Vulnerability details

Impact

The depositWithExpiry() in the router contract is an external function used as the entry point of the protocol so, anyone can call it with any amount.

 function depositWithExpiry(
    address payable vault,
    address asset,
    uint amount,
    string memory memo,
    uint expiration
  ) external payable {
    require(block.timestamp < expiration, "THORChain_Router: expired");
    _deposit(vault, asset, amount, memo);
  }
function _deposit(
    address payable vault,
    address asset,
    uint amount,
    string memory memo
  ) private nonReentrant {
    uint safeAmount;
    if (asset == address(0)) {
      safeAmount = msg.value;
      bool success = vault.send(safeAmount);
      require(success);
  ...

As there is no check for the input amount, A malicious contract can implement a deposit function in a loop with deposit amount = 0 thus Dosing the router and losing only the gas fees.

Proof of Concept

While the attacker will not benefit financially from this attack, It will impact the router's functionality and harm the protocol's reputation.

Tools Used

Manual review

Recommended Mitigation Steps

It is crucial to ensure the input from the user is properly validated. A minimum amount can be checked to avoid this vulnerability.

Assessed type

DoS