sherlock-admin
commented
9 months ago 1 comment(s) were left on this issue during the judging contest.
0xAadi commented:
Invalid: Lack of details or POC
Closed sherlock-admin2 closed 9 months ago
sherlock-admin
commented
9 months ago 1 comment(s) were left on this issue during the judging contest.
0xAadi commented:
Invalid: Lack of details or POC
Debych
high
Griefer maker can cause DOS
Summary
Maker can pass output receiver as arbitrary address, e.g. contract that does not accept native tokens, and manipulate this behaviour until it is profitable
Vulnerability Detail
Reactor will send the output set of tokens to the address provided by the maker. Output token can be native and it is transferred via .call with is required to be successful
https://github.com/sherlock-audit/2024-02-rubicon-finance/blob/main/gladius-contracts-internal/src/lib/CurrencyLibrary.sol#L56-L58
Impact
DOS by maker that can prevent unprofitable trades
Code Snippet
https://github.com/sherlock-audit/2024-02-rubicon-finance/blob/main/gladius-contracts-internal/src/lib/CurrencyLibrary.sol#L56-L58
Tool used
Manual Review
Recommendation
Have makers withdraw their tokens instead of sending it to them or send a wrapped token in case of failure