Potential gas-griefing attack in batchUpdate() function

[hats-bug-reporter[bot]]

Github username: @@rodiontr Submission hash (on-chain): 0x804931a60cdcc85e36a48c79bd4dff93c5f470e2476a17c06587ace17dfb61fe Severity: medium severity

Description:

Vulnerability Report

Description in DistributionManager.sol, there is an internal function that takes memory array of user's assets as user-input parameter. It can potentially lead to a DoS attack as having an array as a memory parameter in an internal function creates a complete copy of it and if it grows too big it can lead to a memory corruption Attack Scenario User can provide an array that can grow and create memory corruption

2. Revised Code File (Optional) https://github.com/VMEX-finance/vmex/blob/master/packages/contracts/contracts/protocol/incentives/DistributionManager.sol#L155

Recommendation: enfore array size limit

[ksyao2002]

Thanks for the report. I do not believe this can lead to a DoS since the _batchUpdate function is only used in claimReward and claimAllRewards. If they do enter too many assets and it leads to OOG, they can simply call the claimAllRewards function again with less assets. No other users will be affected.

This isn't considered a gas griefing attack. Those attacks are when using .call to call another contract, since .call does not enforce that the call has enough gas to finish the subcall.

Please provide more details if you would like to further discuss.