Closed sherlock-admin closed 7 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
Invalid based on sherlocks OOG rule. Additionally, I am doubtful OOG will even occur based on number or supported tokens noted in contest details, or at least this issue definitely does not prove that.
- Out of Gas: Issues that result in Out of Gas errors either by the malicious user filling up the arrays or there is a practical call flow that results in OOG can be considered a valid medium or in cases of blocking all user funds forever maybe a valid high. Exception: In case the array length is controlled by the trusted admin/owner or the issue describes an impractical usage of parameters to reach OOG state then these submissions would be considered as low.
0xRich_forEver
high
H-1: Liquidation Reverts due Block Gas Limit
Summary
The
liquidateAccount
function inLiquidator.sol
may encounter issues when attempting to liquidate accounts with a large number of assets, including ERC20, ERC721, and ERC1155 tokens. TheliquidateAccount
function callsAccountV1.sol::startLiquidation
and it will callAccountV1.sol::generateAssetData
andRegistry.sol::getValuesInNumeraire
, which aggregates asset data, and then proceeds to value these assets through a series of calls to oracle modules. This process can consume a significant amount of gas, potentially exceeding the block gas limit and causing the transaction to revert.Vulnerability Detail
The vulnerability arises from the unbounded loop within the
AccountV1.sol::generateAssetData
,Registry.sol::getValuesInNumeraire
,Registry.sol::getValuesInUsd
,Registry.sol::getRateInUsd
function, which iterates over all assets held by an account. The subsequent valuation process involves multiple external calls to oracle modules for each asset to determine their USD value. As the number of assets increases, the cumulative gas cost of these operations may surpass the block gas limit, leading to transaction failure.Impact
If the
liquidateAccount::Liquidator.sol
function fails due to high gas costs, the account in question cannot be liquidated. This failure can result in bad debt within the protocol, as the assets remain unsold and the associated debt remains unpaid. It also prevents liquidators from performing their role, potentially impacting the protocol's stability and trustworthinessCode Snippet
https://github.com/sherlock-audit/2023-12-arcadia/blob/de7289bebb3729505a2462aa044b3960d8926d78/accounts-v2/src/accounts/AccountV1.sol#L1238-L1287
https://github.com/sherlock-audit/2023-12-arcadia/blob/de7289bebb3729505a2462aa044b3960d8926d78/accounts-v2/src/Registry.sol#L695-L703
https://github.com/sherlock-audit/2023-12-arcadia/blob/de7289bebb3729505a2462aa044b3960d8926d78/accounts-v2/src/Registry.sol#L655-L664
https://github.com/sherlock-audit/2023-12-arcadia/blob/de7289bebb3729505a2462aa044b3960d8926d78/accounts-v2/src/Registry.sol#L586-L599
Tool used
Manual Review
Recommendation
To ensure compliance with the block gas limit, one approach is to implement a logic revision that mitigates the necessity of iterating over the entire set of existing Assets. Alternatively, constraining the number of Assets within a manageable threshold can prevent exceeding the block gas limit. These strategies aim to optimize efficiency and maintain system integrity within the constraints of blockchain resource limitations.