Open hats-bug-reporter[bot] opened 8 months ago
User can always use a separate NFT; it costs gas for an attacker to block deposits for a specific `_nftId`: the attacker needs to perform MAX_TOTAL_TOKEN_NUMBER transactions plus dust deposits (considered to have a minimum deposit amount). The user simply mints another NFT and carries on using a different position. The number of pools can vary with the final value of MAX_TOTAL_TOKEN_NUMBER.
The purpose of MAX_TOTAL_TOKEN_NUMBER is to make sure a user cannot run into out-of-gas issues when depositing into too many pools, so MAX_TOTAL_TOKEN_NUMBER might be closer to something like 80 instead of 8 in the final version. It costs more for an attacker to commit to this than for a user to simply mint another NFT, from gas costs alone.
Github username: @bahurum
Twitter username: bahurum
Submission hash (on-chain): 0xeb9b01b0239038e2046821da7520c0f0ce211ee751d1d0394967435e36c2d3ed
Severity: medium
Description:
A user cannot deposit more than `MAX_TOTAL_TOKEN_NUMBER` different tokens, see `MainHelper.sol`. `WiseLending` is not upgradeable and `MAX_TOTAL_TOKEN_NUMBER` is set constant at 8. The protocol will offer more than 8 collateral tokens, as can be seen from the tests. Since anyone can deposit on behalf of the user, an attacker can exploit this to temporarily block deposits of some tokens for the user.

Attack Scenario:
There are more than 8 tokens that can be deposited.

Impact:
Deposits can be blocked temporarily by an attacker. This is of particular concern if the victim is an external protocol which uses Wise Lending, as it may not be possible to withdraw the dust tokens quickly or at all, leading to prolonged or permanent loss of interoperability.

Recommendation:
Two possible suggestions:
- `MAX_TOTAL_TOKEN_NUMBER`.
- `MAX_TOTAL_TOKEN_NUMBER` high enough that it will always be more than the amount of pools created.

Attachments:
`testDoSDeposits()` to the `WiseLendingPrecisionLoss.t.sol` test file. See file attached.

Files:
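As an added illustration, not WiseLending's code and not the reporter's attached test, here is a minimal Solidity model of the per-position slot limit the report describes, with one assumed mitigation beside it: third parties may only top up tokens a position already holds, while opening a new slot is reserved to the position owner. The contract and function names (`PositionSlotsModel`, `depositForAnyone`, `depositChecked`) are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical model of a position with a bounded number of token slots.
contract PositionSlotsModel {
    uint256 public constant MAX_TOTAL_TOKEN_NUMBER = 8;

    mapping(uint256 => address) public positionOwner;                  // nftId => owner
    mapping(uint256 => address[]) public positionTokens;               // nftId => tokens held
    mapping(uint256 => mapping(address => uint256)) public balance;    // nftId => token => amount

    function mintPosition(uint256 nftId) external {
        require(positionOwner[nftId] == address(0), "position exists");
        positionOwner[nftId] = msg.sender;
    }

    // Vulnerable pattern: anyone may deposit on behalf of any nftId, and every new
    // token consumes one of the MAX_TOTAL_TOKEN_NUMBER slots, so dust deposits of
    // unrelated tokens can fill the position before the owner opens the slots they need.
    function depositForAnyone(uint256 nftId, address token, uint256 amount) external {
        require(amount > 0, "zero amount");
        _openSlotIfNew(nftId, token);
        balance[nftId][token] += amount;
    }

    // Hardened form (assumed mitigation, not from the report): a caller other than the
    // owner may only add to a token the position already holds; new slots need the owner.
    function depositChecked(uint256 nftId, address token, uint256 amount) external {
        require(amount > 0, "zero amount");
        if (balance[nftId][token] == 0) {
            require(msg.sender == positionOwner[nftId], "only owner may open a new slot");
        }
        _openSlotIfNew(nftId, token);
        balance[nftId][token] += amount;
    }

    function _openSlotIfNew(uint256 nftId, address token) internal {
        if (balance[nftId][token] != 0) return;            // slot already open
        address[] storage tokens = positionTokens[nftId];
        require(tokens.length < MAX_TOTAL_TOKEN_NUMBER, "max token number reached");
        tokens.push(token);
    }

    function tokenCount(uint256 nftId) external view returns (uint256) {
        return positionTokens[nftId].length;
    }
}
```

Raising the constant, as the report recommends, shrinks the window; the owner-only check above closes it for positions that are not yet full.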