Description:Description\
The withdraw function in the VaultBitcoinWallet contract does not correctly handle cases where the amount is insufficient to cover both the network fee and the protocol fees. This can potentially lead to an underflow Reverts or Dos.
and not to forget that satoshiPerByte and minWithdrawalLimit has no upper limit.
function setFee(uint64 _satoshiPerByte) public {
require(msg.sender == feeSetter);
emit FeeSet(_satoshiPerByte);
satoshiPerByte = _satoshiPerByte;
}
therefore in real world scenario amount can be equal to BYTES_PER_OUTGOING_TRANSFER * satoshiPerByte.
Attack Scenario\
Describe how the vulnerability can be exploited.
Github username: -- Twitter username: -- Submission hash (on-chain): 0x6325c186e930458035fb83e62bd79d10e816a37ae8ba36a14d94130eb2de4384 Severity: low
Description: Description\ The
withdraw
function in theVaultBitcoinWallet
contract does not correctly handle cases where theamount
is insufficient to cover both thenetwork fee
and theprotocol fees
. This can potentially lead to an underflow Reverts or Dos. and not to forget thatsatoshiPerByte
andminWithdrawalLimit
has no upper limit.therefore in real world scenario
amount
can be equal toBYTES_PER_OUTGOING_TRANSFER * satoshiPerByte
.Attack Scenario\ Describe how the vulnerability can be exploited.
Attachments
Proof of Concept (PoC) File
Example Scenario Demonstrating the Issue
Network Fee Calculation: networkFee = BYTES_PER_OUTGOING_TRANSFER satoshiPerByte networkFee = 30 2 = 60 satoshis
Amount After Network Fee: amountAfterNetworkFee = amount - networkFee amountAfterNetworkFee = 700 - 60 = 640 satoshis
Check Against minWithdrawalLimit: require(amountAfterNetworkFee >= minWithdrawalLimit, "AFL") 640 < 700 (This check fails)
Revised Code File (Optional)