Open sherlock-admin4 opened 1 month ago
Escalate
Escalate
Interest grows per timestamp, not block number, thus the malicious user can not do this at no cost as specified by the report. This is an intended behaviour.
The escalation could not be created because you are not exceeding the escalation threshold.
You can view the required number of additional valid issues/judging contest payouts in your Profile page, in the Sherlock webapp.
Clear invalid.. unrealistic and that's why we have borrow fees I can argue the owner can steal the attacker by front-run his attack and increase the borrowing fees
Escalate Clear invalid.. unrealistic and that's why we have borrow fees I can argue the owner can steal the attacker by front-run his attack and increase the borrowing fees
The escalation could not be created because you are not exceeding the escalation threshold.
You can view the required number of additional valid issues/judging contest payouts in your Profile page, in the Sherlock webapp.
Escalate, Per @samuraii77 comment
Escalate, Per @samuraii77 comment
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
Escalate Per @elhajin comment
Escalate Per @elhajin comment
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
I agree with @NicolaMirchev escalation and @elhajin comment. This issue is the most Low severity. Why would anyone make such a complex attack with almost no benefit and, as @elhajin has mentioned, with a big chance to even come out at a loss with gas fees and borrowing fees.
Planning to accept the @NicolaMirchev escalation and invalidate the issue.
Hi @cvetanovv the only cost of the attack is gas fees, which are getting lower and lower on Ethereum mainnet.
There are no borrowing fees since the loan is repaid in the same block.
There is no benefit for the attacker, but the lender will not be able to withdraw their funds.
This grief attack brings absolutely no benefits to the one doing it. For this I don't see any bug on the part of the protocol.
Moreover, this is called DoS for a block and is invalid:
Griefing for gas (frontrunning a transaction to fail, even if can be done perpetually) is considered a DoS of a single block, hence only if the function is clearly time-sensitive, it can be a Medium severity issue.
My decision to accept @NicolaMirchev escalation and invalidate the issue remains.
Obsidian
High
An attacker can permanently DOS lender from withdrawing by a sandwich attack
Summary
If a user borrows and repays a loan within the same block they do not pay any interest
Therefore an attacker can sandwich a lender trying to withdraw funds by borrowing those funds, to ensure the lender's tx reverts and then backrunning the lender's withdraw tx by repaying those funds, all within the same block to ensure 0 interest.
Root Cause
No intra-block interest accumulation
Allowing intrablock borrow and repays
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
Impact
Attacker can permanently DOS a lender withdrawing their funds, the cost of the attack is only the gas cost of the tx
PoC
Add the following to
BigTest.t.sol
Console output:
Mitigation