Potential DOS attack vector for public view functions like `getAccountCollateralValue()` & `getHealthFactor()` which fetch live price feed from Chainlink
Summary
Denial of Service attack vector possible in view functions due to unbounded for loops & external calls to Chainlink price feed.
Vulnerability Details
The getHealthFactor() function which in turn calls getAccountCollateralValue(), as provided in the code, can potentially be cause for a Denial of Service (DoS) attack. In the for loop, for each token, the function performs the getUsdValue() calculation, which involves external calls to Chainlink.
The attacker could create a malicious smart contract or send multiple transactions calling the getAccountCollateralValue() function with different addresses as the input. The function is a view function and can be called without incurring any gas cost for the attacker.
Even in case of genuine liquidators, who wish to monitor multiple users and their health factor, this will overload the system.
Impact
An attacker could use this to consume a large amount of computational resources and cause the function to run out of gas, making it difficult for legitimate users to execute transactions.
High number of liquidators monitoring large number of users' health factor will brick the system.
Tools Used
Manual review
Recommendations
In scenarios where external data or complex computations are involved, it's better to offload those calculations to an off-chain service or update the contract design to minimize the computational load during the loop.
Additionally, consider using a pre-computed and cached value for the total collateral value if it doesn't change frequently.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.