Denial of Service attack vector possible in view functions due to unbounded for loops & external calls to Chainlink price feed.
The getHealthFactor() function, which in turn calls getAccountCollateralValue(), can, as provided in the code, be the cause of a Denial of Service (DoS) attack. Inside the for loop, for each collateral token, the function performs the getUsdValue() calculation, which involves an external call to a Chainlink price feed.
An attacker could create a malicious smart contract, or send multiple transactions, that call the getAccountCollateralValue() function with different addresses as input. Because the function is a view function, it can be called without the attacker incurring any gas cost.
Even genuine liquidators who wish to monitor many users and their health factors will overload the system in this way.
An attacker could use this to consume a large amount of computational resources and cause the function to run out of gas, making it difficult for legitimate users to execute transactions.
A high number of liquidators monitoring a large number of users' health factors will brick the system.
Manual review
Where external data or complex computations are involved, it is better to offload those calculations to an off-chain service, or to change the contract design so that the computational load inside the loop is minimized.
Additionally, consider using a pre-computed and cached value for the total collateral value if it does not change frequently.
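As an added illustration (not the audited project's code; the contract, storage and function names are assumptions modelled on this finding), the loop shape described above beside a bounded, paginated variant that caps the number of supported tokens at deployment and lets a monitor page through a user's positions so each call performs only a small number of Chainlink calls:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Minimal Chainlink AggregatorV3 interface (only the member this example needs).
interface AggregatorV3Interface {
    function latestRoundData() external view returns (uint80, int256, uint256, uint256, uint80);
}
// Hypothetical engine: names mirror the finding, not the audited project's actual code.
contract CollateralValueExample {
    uint256 public constant MAX_COLLATERAL_TOKENS = 10; // hard bound on the loop length
    uint256 private constant ADDITIONAL_FEED_PRECISION = 1e10; // 8-decimal feed -> 18 decimals
    uint256 private constant PRECISION = 1e18;
    address[] private s_collateralTokens;
    mapping(address => address) private s_priceFeeds; // token -> Chainlink feed
    mapping(address => mapping(address => uint256)) private s_collateralDeposited; // user -> token -> amount

    constructor(address[] memory tokens, address[] memory feeds) {
        require(tokens.length == feeds.length, "length mismatch");
        // Bound the supported-token list at deployment so the view loop can never grow unbounded.
        require(tokens.length <= MAX_COLLATERAL_TOKENS, "too many collateral tokens");
        for (uint256 i = 0; i < tokens.length; i++) {
            s_priceFeeds[tokens[i]] = feeds[i];
            s_collateralTokens.push(tokens[i]);
        }
    }

    // Bookkeeping only; a real engine would also transfer the ERC-20 tokens in.
    function depositCollateral(address token, uint256 amount) external {
        require(s_priceFeeds[token] != address(0), "unsupported token");
        s_collateralDeposited[msg.sender][token] += amount;
    }

    // One external Chainlink call per token: this is the cost the loop below multiplies.
    function getUsdValue(address token, uint256 amount) public view returns (uint256) {
        (, int256 price,,,) = AggregatorV3Interface(s_priceFeeds[token]).latestRoundData();
        return (uint256(price) * ADDITIONAL_FEED_PRECISION * amount) / PRECISION;
    }

    // Called with (user, 0, s_collateralTokens.length) this is the original single-user loop;
    // an off-chain monitor can instead page through [start, end), and empty positions skip the feed call.
    function getAccountCollateralValue(address user, uint256 start, uint256 end) public view returns (uint256 total) {
        require(start <= end && end <= s_collateralTokens.length, "bad range");
        for (uint256 i = start; i < end; i++) {
            address token = s_collateralTokens[i];
            uint256 amount = s_collateralDeposited[user][token];
            if (amount == 0) continue; // no price feed call for tokens the user never deposited
            total += getUsdValue(token, amount);
        }
    }
}
```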