Closed sherlock-admin3 closed 5 months ago
2 comment(s) were left on this issue during the judging contest.
z3s commented:
Invalid; your assumption is wrong: there is no ETH from User A in User B's transaction.
FSchmoede commented:
Since concurrency (and race conditions) is not possible in the EVM and Solidity, this is invalid.
kgothatso
high
User can get front-run and lose funds and experience a DOS attack when they call invoke
Summary
Loss of funds because of the size of the Invocation[] array
Vulnerability Detail
1. User A calls the invoke function with an array size of 100 and sends ETH along with the call.
2. User B calls the invoke function with an array size of 1 and sends ETH along with the call, with more gas than User A.
3. _invoke sends 0 ETH for User A, not what they sent to the contract.
Impact
Loss of funds, DOS attack
Code Snippet
https://github.com/sherlock-audit/2024-05-kwenta-x-perennial-integration-update/blob/main/perennial-v2/packages/perennial-extensions/contracts/MultiInvoker.sol#L140
https://github.com/sherlock-audit/2024-05-kwenta-x-perennial-integration-update/blob/main/perennial-v2/packages/perennial-extensions/contracts/MultiInvoker.sol#L133
Tool used
Manual Review
Recommendation
Add a mapping state variable that stores how much each user sends to the contract, and send the value stored in the mapping for that user.