search

sherlock-audit / 2023-09-Gitcoin-judging

11 stars 7 forks source link

albert - The createPool function is vulnerable to a DOS attack. #960

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

albert

high

The createPool function is vulnerable to a DOS attack.

createPool checks if the strategy.poolId is valid. However, the strategy was created before poolId increased.

Vulnerability Detail

An attacker can call createPool before the user, and let the following line always revert. 

        if (_strategy.getPoolId() != poolId || address(_strategy.getAllo()) != address(this)) revert MISMATCH();

Impact

Protocol can't function well

Code Snippet

Tool used

Manual Review

Recommendation

Bind the create strategy inside of createPool

sherlock-admin commented 1 year ago

1 comment(s) were left on this issue during the judging contest.

n33k commented:

invalid, ow