search

sherlock-audit / 2024-03-zivoe-judging

8 stars 6 forks source link

0xe4669da - `ZivoeITO::depositSenior` allows 1 `wei` to be deposited and this could lead to Denial of Service attack #691

Closed sherlock-admin4 closed 6 months ago

sherlock-admin4 commented 6 months ago

0xe4669da

medium

ZivoeITO::depositSenior allows 1 wei to be deposited and this could lead to Denial of Service attack

Summary

ZivoeITO::depositSenior allows depositing only 1 wei.

Vulnerability Detail

Source: First Impact

Source: Second Impact

A malicious user having just 1 DAI can process millions of transactions and call ZivoeITO::depositSenior millions of times by depositing only 1 wei of DAI. These transaction will be processed and considered legit by the code.

Impact

This vulnerability has various impacts. Due to a large number of malicious transactions, there could be network congestion and block gas limit exhaustion resulting into Denial of Service for other legit ZivoeITO::depositSenior transactions.

Another impact is that ZivoeITO::depositJunior will keep reverting because ZivoeITO::isJuniorOpen will return false because seniorSupp will be very much lower and convertedAmount will most probably always be higher than seniorSupp * 2000 / BIPS. This will also result into a Denial of Service for users trying to deposit in Junior Tranche.

function isJuniorOpen(uint256 amount, address asset) public view returns (bool open) {
    uint256 convertedAmount = IZivoeGlobals_ITO(GBL).standardize(amount, asset);
    (uint256 seniorSupp, uint256 juniorSupp) = IZivoeGlobals_ITO(GBL).adjustedSupplies();
@>   return convertedAmount + juniorSupp <= seniorSupp * 2000 / BIPS;
}

Code Snippet

Add below test in Test_ZivoeITO.sol

function test_WY_ZivoeITO_depositSenior_oneWei() public {

    mint("DAI", address(bob), 1 wei);
    assert(bob.try_approveToken(DAI, address(ITO), 1 wei));

    zvl.try_commence(address(ITO));
    hevm.warp(ITO.end() - 1);

    hevm.startPrank(address(bob));
    assert(bob.try_depositSenior(address(ITO), 1 wei, address(DAI)));
    assert(ITO.seniorCredits(address(bob)) == 3);
    console.log("Senior credits", ITO.seniorCredits(address(bob)));
    hevm.stopPrank();
}
Ran 1 test for src/TESTS_Core/Test_ZivoeITO.sol:Test_ZivoeITO
[PASS] test_WY_ZivoeITO_depositSenior_oneWei() (gas: 184711)
Logs:
  Senior credits 3

Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 4.86ms (267.13µs CPU time)

Ran 1 test suite in 125.36ms (4.86ms CPU time): 1 tests passed, 0 failed, 0 skipped (1 total tests)

Tool used

Manual Review

Recommendation

In ZivoeITO::depositSenior and ZivoeITO::depositJunior, a restriction should be implemented for minimum amount to be deposited in a transaction.

sherlock-admin4 commented 6 months ago

1 comment(s) were left on this issue during the judging contest.

panprog commented:

invalid, the report talks nonsense