hats-finance / Blast-Futures-Exchange-0x97895c329b950755566ddcdad3395caaea395074


Lack of deposit threshold #71

Open hats-bug-reporter[bot] opened 7 months ago

hats-bug-reporter[bot] commented 7 months ago

Github username: @https://github.com/sekkiat
Twitter username: --
Submission hash (on-chain): 0xd3064ee5c12251e0d59ddb10b495019e1a48387128e208c62db9c67fec83856f
Severity: low

Description:

Description

Users could potentially spam the function with 0 amount, leading to a large number of transactions and potentially increasing gas costs for users.

Attack Scenario

Spamming the function to increase the gas cost.

Attachments

  1. Proof of Concept (PoC) File
    function deposit(uint256 amount) external nonReentrant {
        //@audit  Deposit doesn't add a threshold. Allows user to spam the function to delay the user deposit.
        bool success = makeTransferFrom(msg.sender, address(this) , amount);
        require(success, "TRANSFER_FAILED");
        uint256 depositId = allocateDepositId();
        emit Deposit(depositId, msg.sender, amount);
    }

Remediation

alex-sumner commented 7 months ago

The gas cost of any such attack would be borne entirely by the attacker. However, if the gas fees are low enough, it could be possible to cause problems this way.

bahurum commented 7 months ago

Duplicate of #22
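
Added example, not part of the original report or the project's code: one way a minimum-deposit check could sit in a `deposit` function like the one quoted in the issue, so that zero and dust amounts revert before a deposit id is allocated or an event is emitted. The `minDeposit` variable, `setMinDeposit`, the `BELOW_MIN_DEPOSIT` string, the inline reentrancy flag and the direct `transferFrom` call (standing in for the project's `makeTransferFrom` helper, whose body is not shown on the page) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; not the project's contract. Everything except the
// deposit() signature, the Deposit event name and "TRANSFER_FAILED" is assumed.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract DepositWithThreshold {
    IERC20 public immutable token;
    address public immutable owner;
    uint256 public minDeposit;     // hypothetical threshold, in token base units
    uint256 private nextDepositId; // stand-in for allocateDepositId()
    bool private locked;           // minimal stand-in for nonReentrant

    event Deposit(uint256 indexed id, address indexed from, uint256 amount);
    event MinDepositChanged(uint256 oldValue, uint256 newValue);

    constructor(IERC20 token_, uint256 minDeposit_) {
        require(minDeposit_ > 0, "MIN_DEPOSIT_ZERO");
        token = token_;
        owner = msg.sender;
        minDeposit = minDeposit_;
    }

    // Lets the operator tune the threshold; it can never be set back to zero.
    function setMinDeposit(uint256 newMin) external {
        require(msg.sender == owner, "NOT_OWNER");
        require(newMin > 0, "MIN_DEPOSIT_ZERO");
        emit MinDepositChanged(minDeposit, newMin);
        minDeposit = newMin;
    }

    function deposit(uint256 amount) external {
        require(!locked, "REENTRANT");
        locked = true;
        // Reject zero and dust amounts before any transfer, id allocation or event,
        // so a rejected call leaves nothing for off-chain deposit processing.
        require(amount >= minDeposit, "BELOW_MIN_DEPOSIT");
        require(token.transferFrom(msg.sender, address(this), amount), "TRANSFER_FAILED");
        uint256 depositId = nextDepositId++;
        emit Deposit(depositId, msg.sender, amount);
        locked = false;
    }
}
```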