sherlock-audit / 2023-06-dinari-judging


james_wu - No way to stop massive cancel requests on bridge, leads to DoS #133

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

james_wu

medium

No way to stop massive cancel requests on bridge, leads to DoS

Summary

The bridge works by handling events from the blockchain. Historically, bridges have been full of risks, so sustaining the event stream is essential, and there have been many DoS attacks on bridges so far. For order requests it is safe, because it is not possible to send a repeated request thanks to the remainingOrder check. However, for cancel requests there is no check that the cancellation has already been requested. These two actions are open to the wild world, so we have to take care of them to make the bridge safe. This can co-operate with other offline attacks to make a DoS attack possible.

Vulnerability Detail

Impact

Denial of Service

Code Snippet

https://github.com/sherlock-audit/2023-06-dinari/blob/main/sbt-contracts/src/issuer/OrderProcessor.sol#L308-L323

Tool used

Manual Review

Recommendation

Make a flag array for cancellation-requested orders, to prevent multiple requests.

Duplicate of #112

brown-qs commented 1 year ago

Escalate This is same as #112

sherlock-admin commented 1 year ago

Escalate This is same as #112

You've created a valid escalation!

To remove the escalation from consideration: Delete your comment.

You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.

JeffCX commented 1 year ago

The report describes a web2 attack and is not in scope, and the report does not mention the nonce and conflicting order id.

brown-qs commented 1 year ago

What are the nonce and order id? I mentioned #112.

Oot2k commented 1 year ago

Agree with senior Watson. Not in scope.

brown-qs commented 1 year ago

I just said this is a duplicate of #112, which is marked as Valid now regardless of what it will be later. So please mark this issue as a duplicate.

hrishibhat commented 1 year ago

Result:

Invalid

Duplicate of #112

sherlock-admin2 commented 1 year ago

Escalations have been resolved successfully!

Escalation status:

ctf-sec commented 1 year ago

@jaketimothy

https://github.com/dinaricrypto/sbt-contracts/issues/113

The fix stores the state to make sure an order cannot be cancelled multiple times.
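The report's recommendation (a flag for cancel-requested orders) and the fix ctf-sec points to (storing state so an order cannot be cancelled twice) describe the same pattern. The contract below is an added, simplified illustration written for this page; it is not Dinari's OrderProcessor and not the code in the linked fix. The order ids, the OrderStatus enum, the operator role, the error and event names are all assumptions chosen to show the shape of the problem. It places the unchecked cancel path next to a version that records the request and rejects repeats, so the off-chain bridge sees at most one CancelRequested event per live order.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added illustration for this thread; not Dinari's OrderProcessor.
/// Order ids, the OrderStatus enum, the operator role and the event and
/// error names are assumptions chosen only to show the pattern.
contract CancelRequestExample {
    enum OrderStatus { NONE, ACTIVE, CANCEL_REQUESTED }

    struct OrderState {
        address requester;
        uint256 remainingOrder;
        OrderStatus status;
    }

    address public immutable operator;
    mapping(bytes32 => OrderState) private _orders;

    event OrderRequested(bytes32 indexed id, address indexed requester, uint256 amount);
    event CancelRequested(bytes32 indexed id, address indexed requester);
    event OrderCancelled(bytes32 indexed id, address indexed requester);

    error ZeroAmount();
    error DuplicateOrder();
    error OrderNotFound();
    error NotRequester();
    error CancelAlreadyRequested();
    error NotOperator();

    constructor() {
        operator = msg.sender;
    }

    modifier onlyOperator() {
        if (msg.sender != operator) revert NotOperator();
        _;
    }

    /// Order creation is already replay-safe, as the report notes: once an
    /// id is taken (remainingOrder > 0) the same request reverts.
    function requestOrder(bytes32 id, uint256 amount) external {
        if (amount == 0) revert ZeroAmount();
        if (_orders[id].remainingOrder != 0) revert DuplicateOrder();
        _orders[id] = OrderState(msg.sender, amount, OrderStatus.ACTIVE);
        emit OrderRequested(id, msg.sender, amount);
    }

    /// Vulnerable pattern: nothing records that a cancel was already asked
    /// for, so the requester can emit CancelRequested for the same order in
    /// every block and flood the off-chain bridge's event stream.
    function requestCancelUnchecked(bytes32 id) external {
        OrderState storage o = _orders[id];
        if (o.remainingOrder == 0) revert OrderNotFound();
        if (o.requester != msg.sender) revert NotRequester();
        emit CancelRequested(id, msg.sender);
    }

    /// Hardened pattern: persist the cancel request and reject repeats, so
    /// at most one CancelRequested event exists per live order.
    function requestCancel(bytes32 id) external {
        OrderState storage o = _orders[id];
        if (o.remainingOrder == 0) revert OrderNotFound();
        if (o.requester != msg.sender) revert NotRequester();
        if (o.status == OrderStatus.CANCEL_REQUESTED) revert CancelAlreadyRequested();
        o.status = OrderStatus.CANCEL_REQUESTED;
        emit CancelRequested(id, msg.sender);
    }

    /// The operator settles the cancel on-chain after handling it off-chain.
    /// Deleting the record clears the flag along with the rest of the state.
    function cancelOrder(bytes32 id) external onlyOperator {
        OrderState memory o = _orders[id];
        if (o.status != OrderStatus.CANCEL_REQUESTED) revert OrderNotFound();
        delete _orders[id];
        emit OrderCancelled(id, o.requester);
    }

    /// Lets the bridge operator confirm the on-chain flag before acting on
    /// an event rather than trusting the event stream alone.
    function cancelRequested(bytes32 id) external view returns (bool) {
        return _orders[id].status == OrderStatus.CANCEL_REQUESTED;
    }
}
```

requestCancelUnchecked is kept only to show the vulnerable shape beside the fix; a real deployment would ship requestCancel alone. The cancelRequested view gives the off-chain side a cheap way to cross-check a CancelRequested event against state instead of acting on every log it sees.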