Submission Details
Severity: medium

Potential DoS attack vector for public view functions like `getAccountCollateralValue()` & `getHealthFactor()`, which fetch live prices from the Chainlink price feed

Summary

A Denial of Service (DoS) attack vector is possible in view functions due to unbounded for loops and external calls to the Chainlink price feed.

Vulnerability Details

The getHealthFactor() function, which in turn calls getAccountCollateralValue(), can potentially be the cause of a Denial of Service (DoS) attack as written. In its for loop, for each collateral token, the function performs the getUsdValue() calculation, which involves an external call to Chainlink.

An attacker could create a malicious smart contract or send many transactions calling the getAccountCollateralValue() function with different addresses as input. The function is a view function and can be called without incurring any gas cost for the attacker.


Even in the case of genuine liquidators, who wish to monitor multiple users and their health factors, this will overload the system.

Impact

  • An attacker could use this to consume a large amount of computational resources and cause the function to run out of gas, making it difficult for legitimate users to execute transactions.

  • A high number of liquidators monitoring a large number of users' health factors will brick the system.

Tools Used

Manual review

Recommendations

In scenarios where external data or complex computations are involved, it's better to offload those calculations to an off-chain service, or to update the contract design to minimize the computational load inside the loop.


Additionally, consider using a pre-computed and cached value for the total collateral value if it doesn't change frequently.
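A minimal Solidity sketch of the pattern the finding describes, added here as an illustration and not taken from the audited code base: the looping `getAccountCollateralValue()` next to a capped and paginated variant that bounds the number of Chainlink calls a single request can trigger. The contract name, `MAX_COLLATERAL_TOKENS`, `getAccountCollateralValueRange()`, the storage layout and the precision constants are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;
// Assumed subset of Chainlink's AggregatorV3Interface; only latestRoundData() is needed here.
interface IAggregatorV3 {
    function latestRoundData() external view returns (uint80, int256 answer, uint256, uint256, uint80);
}

contract CollateralValueExample {
    address[] public collateralTokens;                 // list the view loop walks; grows with each new token
    mapping(address => address) public priceFeeds;     // token => Chainlink feed (assumed layout)
    mapping(address => mapping(address => uint256)) public collateralDeposited; // user => token => amount
    uint256 public constant MAX_COLLATERAL_TOKENS = 16; // assumption: hard cap bounding the loop
    uint256 private constant ADDITIONAL_FEED_PRECISION = 1e10; // assumed 8-decimal feed -> 18 decimals
    uint256 private constant PRECISION = 1e18;

    function addCollateralToken(address token, address feed) external {
        require(collateralTokens.length < MAX_COLLATERAL_TOKENS, "token cap reached");
        collateralTokens.push(token);
        priceFeeds[token] = feed;
    }

    // One external Chainlink call per token priced (price assumed positive for this sketch).
    function getUsdValue(address token, uint256 amount) public view returns (uint256) {
        (, int256 price,,,) = IAggregatorV3(priceFeeds[token]).latestRoundData();
        return (uint256(price) * ADDITIONAL_FEED_PRECISION * amount) / PRECISION;
    }

    // Shape described in the finding: loop length follows the token list, feed call on every iteration.
    function getAccountCollateralValue(address user) public view returns (uint256 total) {
        for (uint256 i = 0; i < collateralTokens.length; i++) {
            address token = collateralTokens[i];
            total += getUsdValue(token, collateralDeposited[user][token]);
        }
    }

    // Paginated variant: the caller picks a [start, end) window, so a monitoring service can spread
    // feed calls across requests, and tokens with no deposit are skipped before any external call.
    function getAccountCollateralValueRange(address user, uint256 start, uint256 end)
        external view returns (uint256 total)
    {
        require(start <= end && end <= collateralTokens.length, "bad range");
        for (uint256 i = start; i < end; i++) {
            address token = collateralTokens[i];
            uint256 amount = collateralDeposited[user][token];
            if (amount == 0) continue;
            total += getUsdValue(token, amount);
        }
    }
}
```

The cap in `addCollateralToken()` puts a fixed upper bound on work per call, and the ranged variant lets off-chain monitors batch or cache results as the recommendation suggests.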
