DoS when _MT_FEE_QUOTE_ and/or _MT_FEE_BASE_ get too big
Summary
An issue has been identified in the smart contract where accumulating fees, tracked by _MT_FEE_BASE_ and _MT_FEE_QUOTE_, could lead to a Denial of Service (DoS).
Vulnerability Detail
The contract tracks fees through _MT_FEE_BASE_ and _MT_FEE_QUOTE_, which increase with sellQuote(), sellBase(), and flashLoan() calls. The only reduction mechanism is the withdrawMtFeeTotal() function, accessible to the maintainer.
Impact
If the maintainer fails to regularly withdraw fees, these variables could grow large enough to cause DoS, impacting critical functions.
nisedo
medium
DoS when
_MT_FEE_QUOTE_
and/or_MT_FEE_BASE_
get too bigSummary
An issue has been identified in the smart contract where accumulating fees, tracked by
_MT_FEE_BASE_
and_MT_FEE_QUOTE_
, could lead to a Denial of Service (DoS).Vulnerability Detail
The contract tracks fees through
_MT_FEE_BASE_
and_MT_FEE_QUOTE_
, which increase withsellQuote()
,sellBase()
, andflashLoan()
calls. The only reduction mechanism is thewithdrawMtFeeTotal()
function, accessible to the maintainer.Impact
If the maintainer fails to regularly withdraw fees, these variables could grow large enough to cause DoS, impacting critical functions.
Code Snippet
https://github.com/sherlock-audit/2023-12-dodo-gsp/blob/main/dodo-gassaving-pool/contracts/GasSavingPool/impl/GSPFunding.sol#L41-L42
https://github.com/sherlock-audit/2023-12-dodo-gsp/blob/main/dodo-gassaving-pool/contracts/GasSavingPool/impl/GSPTrader.sol#L51
https://github.com/sherlock-audit/2023-12-dodo-gsp/blob/main/dodo-gassaving-pool/contracts/GasSavingPool/impl/GSPTrader.sol#L93
Tool used
Manual Review
Recommendation
Implement a mechanism to periodically or automatically manage fee withdrawals or limit fee accumulation to prevent overflow and DoS scenarios.