search

sherlock-audit / 2023-12-arcadia-judging

18 stars 15 forks source link

0xRich_forEver - H-1: Liquidation Reverts due Block Gas Limit #174

Closed sherlock-admin closed 7 months ago

sherlock-admin commented 7 months ago

0xRich_forEver

high

H-1: Liquidation Reverts due Block Gas Limit

Summary

The liquidateAccount function in Liquidator.sol may encounter issues when attempting to liquidate accounts with a large number of assets, including ERC20, ERC721, and ERC1155 tokens. The liquidateAccount function calls AccountV1.sol::startLiquidation and it will call AccountV1.sol::generateAssetData and Registry.sol::getValuesInNumeraire, which aggregates asset data, and then proceeds to value these assets through a series of calls to oracle modules. This process can consume a significant amount of gas, potentially exceeding the block gas limit and causing the transaction to revert.

Vulnerability Detail

The vulnerability arises from the unbounded loop within the AccountV1.sol::generateAssetData , Registry.sol::getValuesInNumeraire,Registry.sol::getValuesInUsd, Registry.sol::getRateInUsd function, which iterates over all assets held by an account. The subsequent valuation process involves multiple external calls to oracle modules for each asset to determine their USD value. As the number of assets increases, the cumulative gas cost of these operations may surpass the block gas limit, leading to transaction failure.

Impact

If the liquidateAccount::Liquidator.sol function fails due to high gas costs, the account in question cannot be liquidated. This failure can result in bad debt within the protocol, as the assets remain unsold and the associated debt remains unpaid. It also prevents liquidators from performing their role, potentially impacting the protocol's stability and trustworthiness

Code Snippet

https://github.com/sherlock-audit/2023-12-arcadia/blob/de7289bebb3729505a2462aa044b3960d8926d78/accounts-v2/src/accounts/AccountV1.sol#L1238-L1287

https://github.com/sherlock-audit/2023-12-arcadia/blob/de7289bebb3729505a2462aa044b3960d8926d78/accounts-v2/src/Registry.sol#L695-L703

https://github.com/sherlock-audit/2023-12-arcadia/blob/de7289bebb3729505a2462aa044b3960d8926d78/accounts-v2/src/Registry.sol#L655-L664

https://github.com/sherlock-audit/2023-12-arcadia/blob/de7289bebb3729505a2462aa044b3960d8926d78/accounts-v2/src/Registry.sol#L586-L599

Tool used

Manual Review

Recommendation

To ensure compliance with the block gas limit, one approach is to implement a logic revision that mitigates the necessity of iterating over the entire set of existing Assets. Alternatively, constraining the number of Assets within a manageable threshold can prevent exceeding the block gas limit. These strategies aim to optimize efficiency and maintain system integrity within the constraints of blockchain resource limitations.

sherlock-admin2 commented 7 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid

nevillehuang commented 7 months ago

Invalid based on sherlocks OOG rule. Additionally, I am doubtful OOG will even occur based on number or supported tokens noted in contest details, or at least this issue definitely does not prove that.

  1. Out of Gas: Issues that result in Out of Gas errors either by the malicious user filling up the arrays or there is a practical call flow that results in OOG can be considered a valid medium or in cases of blocking all user funds forever maybe a valid high. Exception: In case the array length is controlled by the trusted admin/owner or the issue describes an impractical usage of parameters to reach OOG state then these submissions would be considered as low.