search

sherlock-audit / 2024-02-rubicon-finance-judging

5 stars 3 forks source link

hunter_w3b - `BaseGladiusReactor::executeBatch` vulnerable to DOS attack #61

Closed sherlock-admin2 closed 9 months ago

sherlock-admin2 commented 9 months ago

hunter_w3b

medium

BaseGladiusReactor::executeBatch vulnerable to DOS attack

Summary

The BaseGladiusReactor contract is vulnerable to denial of service attacks due to lacking limits on the batch size for executeBatch calls. This allows attackers to craft transactions that consume excessive gas, targeting block gas limits.

Affected Functions

Vulnerability Detail

These functions allow filling multiple orders in a single transaction via a batch. However, there are no limits placed on the number of orders that can be included in a batch.


    function executeBatch(
        SignedOrder[] calldata orders,
        uint256[] calldata quantities
    ) external payable override nonReentrant {
        uint256 ordersLength = orders.length;
        if (quantities.length != ordersLength) revert LengthMismatch();

        ResolvedOrder[] memory resolvedOrders = new ResolvedOrder[](
            ordersLength
        );

        unchecked {
            for (uint256 i = 0; i < ordersLength; i++) {
                resolvedOrders[i] = resolve(orders[i], quantities[i]);
            }
        }

An attacker could craft a transaction with an abnormally large number of orders, consuming far more gas than typical transactions. If submitted close to the block gas limit, it could cause other legitimate transactions to fail due to hitting the limit.

Impact

Users suffer from higher transaction costs if gas prices increase due to bloating

Code Snippet

https://github.com/sherlock-audit/2024-02-rubicon-finance/blob/main/gladius-contracts-internal/src/reactors/BaseGladiusReactor.sol#L104-L129

https://github.com/sherlock-audit/2024-02-rubicon-finance/blob/main/gladius-contracts-internal/src/reactors/BaseGladiusReactor.sol#L82-L101

Tool used

Manual Review

Recommendation

sherlock-admin commented 9 months ago

3 comment(s) were left on this issue during the judging contest.

tsvetanovv commented:

I don't see how this will harm users

PNS commented:

M-1 OZ Audit; Fillers generally estimate gas before execution and use private mempools like flashbots or mevblocker.

0xAadi commented:

Invalid: this will not DOS the protocol, users can reduce the size of the orders and resubmit