search

sherlock-audit / 2024-03-zivoe-judging

8 stars 6 forks source link

0xe4669da - [M-1] `ZivoeITO::depositSenior` allows 1 `wei` to be deposited and this could lead to Denial of Service attack #680

Closed sherlock-admin3 closed 6 months ago

sherlock-admin3 commented 6 months ago

0xe4669da

medium

[M-1] ZivoeITO::depositSenior allows 1 wei to be deposited and this could lead to Denial of Service attack

Summary

ZivoeITO::depositSenior and ZivoeITO::depositJunior allows deposit of 1 wei.

Vulnerability Detail

A malicious user having just 1 DAI can process millions of transactions and call ZivoeITO::depositSenior millions of times by depositing only 1 wei of DAI in each transaction. These transactions will be processed and considered legit by the code.

Impact

This vulnerability has various impacts. Due to a large number of malicious transactions, there could be network congestion and block gas limit exhaustion resulting into Denial of Service for other legit ZivoeITO::depositSenior transactions.

Another impact is that ZivoeITO::depositJunior will keep reverting because ZivoeITO::isJuniorOpen will return false because seniorSupp will be very much lower and convertedAmount will most probably always be higher than seniorSupp * 2000 / BIPS. This will also result into a Denial of Service for users trying to deposit in Junior Tranche.

function isJuniorOpen(uint256 amount, address asset) public view returns (bool open) {
    uint256 convertedAmount = IZivoeGlobals_ITO(GBL).standardize(amount, asset);
    (uint256 seniorSupp, uint256 juniorSupp) = IZivoeGlobals_ITO(GBL).adjustedSupplies();
@>   return convertedAmount + juniorSupp <= seniorSupp * 2000 / BIPS;
}

Code Snippet

Code Add below test in `Test_ZivoeITO.sol` ```javascript function test_WY_ZivoeITO_depositSenior_oneWei() public { mint("DAI", address(bob), 1 wei); assert(bob.try_approveToken(DAI, address(ITO), 1 wei)); zvl.try_commence(address(ITO)); hevm.warp(ITO.end() - 1); hevm.startPrank(address(bob)); assert(bob.try_depositSenior(address(ITO), 1 wei, address(DAI))); assert(ITO.seniorCredits(address(bob)) == 3); console.log("Senior credits", ITO.seniorCredits(address(bob))); hevm.stopPrank(); } ``` ``` Ran 1 test for src/TESTS_Core/Test_ZivoeITO.sol:Test_ZivoeITO [PASS] test_WY_ZivoeITO_depositSenior_oneWei() (gas: 184711) Logs: Senior credits 3 Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 4.86ms (267.13µs CPU time) Ran 1 test suite in 125.36ms (4.86ms CPU time): 1 tests passed, 0 failed, 0 skipped (1 total tests) ```

Tool used

Manual Review

Recommendation

In ZivoeITO::depositSenior and ZivoeITO::depositJunior, a restriction should be implemented for minimum amount to be deposited in a transaction.

pseudonaut commented 6 months ago

Not of concern

sherlock-admin2 commented 6 months ago

1 comment(s) were left on this issue during the judging contest.

panprog commented:

invalid, the report talks nonsense