Closed howlbot-integration[bot] closed 1 month ago
d1ll0n
commented
1 month ago We listed in the known issues page in the documentation that we would not be accepting reports related to minor rounding errors:
Also, the supposed "dos" vector is a user depositing an amount of ~1 wei and having their transaction revert. I wouldn't call a self-dos vector a vulnerability.
3docSec
commented
1 month ago The finding lacks a description of how the scale factor could reasonably grow high enough to DoS "reasonably small" (a few wei's aren't) deposits.
c4-judge
commented
1 month ago 3docSec marked the issue as unsatisfactory: Insufficient proof
Lines of code
https://github.com/code-423n4/2024-08-wildcat/blob/main/src/libraries/MarketState.sol#L76-L78 https://github.com/code-423n4/2024-08-wildcat/blob/main/src/market/WildcatMarket.sol#L67-L68 https://github.com/code-423n4/2024-08-wildcat/blob/main/src/market/WildcatMarketToken.sol#L74-L76 https://github.com/code-423n4/2024-08-wildcat/blob/main/src/market/WildcatMarketWithdrawals.sol#L140-L141
Vulnerability details
Vulnerability Description:
The
scale factoris initialized to1e27when a market is created and constantly grows as interest accrues, as documented in the "Scale Factor.md" and "Core Behavior.md" files. This design causes theMarketState.scaleAmountfunction, which divides an amount by the current scale factor, to potentially return zero for smaller amounts as the scale factor grows. This issue affects three functions:WildcatMarket._depositUpTo,WildcatMarketToken._transfer, andWildcatMarketWithdrawals.queueWithdrawal.In these functions:
As the
scale factorincreases over time due to compounding interest, smaller deposits, transfers, or withdrawals can result in ascaledAmountof zero. This leads to the contract reverting with errors likeNullMintAmount, NullTransferAmount, or NullBurnAmount, effectively preventing small asset amounts from being processed.Impact:
Over time, as the
scale factor growswithaccrued interest, the minimum amount required to deposit, transfer, or withdraw tokens increases, making smaller transactions impossible. This could be a significant usability issue, especially for users who wish to make small deposits or withdrawals in a mature market. This will effectively DoS the users with smaller funds (budget) in using thewildcat protocol.Proof of Concept (PoC):
In WildcatMarket._depositUpTo function :
If the scale factor has grown to a large value, smaller deposits will result in a
scaledAmountof zero, causing the transaction to revert.This issue also present in the WildcatMarketToken._transfer function:
This issue also present in the WildcatMarketWithdrawals.queueWithdrawal function:
https://github.com/code-423n4/2024-08-wildcat/blob/main/src/libraries/MarketState.sol#L76-L78 https://github.com/code-423n4/2024-08-wildcat/blob/main/src/market/WildcatMarket.sol#L67-L68 https://github.com/code-423n4/2024-08-wildcat/blob/main/src/market/WildcatMarketToken.sol#L74-L76 https://github.com/code-423n4/2024-08-wildcat/blob/main/src/market/WildcatMarketWithdrawals.sol#L140-L141
Recommended Fix:
Hence it is recommended to update each of the above functions where this issue exists, to introduce lower threshold amounts which the users can operate with. If the
amountis greater than these lower threshold values thescaledAmountshould be rounded up to 1 even though the division by scale factor results in0. This will enable users with smaller funds to use this protocol even after thescale factorhas increased to a larger value as the protocol matures.Assessed type
Other