Users can dust the external `buy` function leading to drain all the gas

Summary

A faulty user can dust the external buy function with mass dump of arbitary values leading drain all the gas , as the function buy keeps iterating over the loop of args.length without checking the validity of protocolStorage().loan[arg.loanId] .

Vulnerability Detail

DOS with Block Gas Limit

Impact

denial of service causing inconvinience to other users or possibly leading to longer wait time

Code Snippet

https://github.com/sherlock-audit/2023-02-kairos/blob/main/kairos-contracts/src/AuctionFacet.sol#L25

function buy(BuyArg[] memory args) external {
        for (uint256 i = 0; i < args.length; i++) {
            useLoan(args[i]);
        }
    }

Tool used

Manual Review

Recommendation

check if the arg.loan id is valid , consider adding the following code snippet

require(protocolStorage().loan[args.loanId]!=0 , "revert")

sherlock-audit / 2023-02-kairos-judging

schrodinger - Users can dust the external `buy` function leading to drain all the gas #182

Users can dust the external `buy` function leading to drain all the gas

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

sherlock-audit / 2023-02-kairos-judging

schrodinger - Users can dust the external `buy` function leading to drain all the gas #182

Users can dust the external buy function leading to drain all the gas

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Users can dust the external `buy` function leading to drain all the gas