DittoETH

Ditto
DeFiFoundryOracle
55,000 USDC
Submission Details
Severity: high
Invalid

Minimum Bid Manipulation Can Lead to Disrupting the Contract's Expected Behavior

Summary

Insufficient validation of the ercAmount and price inputs when creating a bid. The contract does not check whether these inputs have been chosen so that the computed eth value falls below the minimum bid value. See Vulnerability Details for the full scenario.

Vulnerability Details

The vulnerable part:

uint256 eth = ercAmount.mul(price);
if (eth < LibAsset.minBidEth(asset)) revert Errors.OrderUnderMinimumSize();

These two lines compute eth by multiplying ercAmount by price and then compare it against the minimum bid value returned by LibAsset.minBidEth(asset); if eth is below that minimum, the call reverts with Errors.OrderUnderMinimumSize().
The issue, as submitted, is that an attacker can choose ercAmount or price so that the computed eth value is below the minimum bid value and the revert condition is triggered.
An example scenario showing how this can happen:

  • Assume the minimum bid value is 10 ETH, expressed in wei, in this check:

uint256 eth = ercAmount.mul(price);
if (eth < LibAsset.minBidEth(asset)) revert Errors.OrderUnderMinimumSize();
  • Choose ercAmount and price so that eth < 10 ETH, i.e. a high price together with a small ercAmount:

uint80 price = 1000; // high price
uint88 ercAmount = 1; // small ercAmount
  • Compute eth:

uint256 eth = 1 * 1000; // eth = 1000 wei
  • eth is now 1000 wei, which is less than the 10 ETH minimum (10,000,000,000,000,000,000 wei), so the condition
    eth < LibAsset.minBidEth(asset) holds and the contract reverts with Errors.OrderUnderMinimumSize().

  • As a result, a bid with a very high price and a very small ercAmount falls below the minimum bid requirement and causes the call to revert; the submission characterizes this as an attacker disrupting the contract's expected behavior.

Impact

An attacker can trigger this by setting an excessively high price and an extremely low ercAmount. The computed eth value is then less than the minimum bid value, and the contract reverts.

Tools Used

Manual review and Hardhat

Recommendations

The following change addresses the vulnerable line by adding require statements to ensure that ercAmount and price are both greater than zero and that the computed eth value is greater than or equal to the minimum bid value:

require(ercAmount > 0, "Invalid ercAmount");
require(price > 0, "Invalid price");
uint256 eth = ercAmount.mul(price);
require(eth >= LibAsset.minBidEth(asset), "Bid value is below the minimum");

Updates
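The following Python model is added here as an illustration; it is not part of the submission or of the DittoETH codebase. It runs the two quoted lines and the recommended require() variant over the submission's (ercAmount = 1, price = 1000) scenario plus a few boundary bids, and reports where the two checks reach different accept/revert decisions. It assumes, as the submission's arithmetic does, that `.mul` is plain integer multiplication; `wad_mul` is an alternative 18-decimal fixed-point reading (an assumption, not taken from the codebase) under which the same raw integers are worth even less ETH. The 10 ETH minimum and the uint88/uint80 ranges are the ones used in the submission's scenario.

```python
"""Model of the createBid minimum-size check (added example, not project code)."""

WAD = 10**18            # 1 ether in wei
MIN_BID_ETH = 10 * WAD  # the submission's example: a 10 ETH minimum bid


class OrderUnderMinimumSize(Exception):
    """Stands in for the contract's Errors.OrderUnderMinimumSize() revert."""


class InvalidInput(Exception):
    """Stands in for the require(...) failures in the recommended fix."""


def plain_mul(a: int, b: int) -> int:
    """ercAmount.mul(price) read as ordinary integer multiplication, as the submission does."""
    return a * b


def wad_mul(a: int, b: int) -> int:
    """Alternative reading (assumption): an 18-decimal fixed-point multiply.
    Under it the submission's small raw integers are worth even less ETH."""
    return a * b // WAD


def _check_ranges(erc_amount: int, price: int) -> None:
    # uint88 ercAmount and uint80 price, the types used in the submission's scenario
    if not 0 <= erc_amount < 2**88:
        raise ValueError("ercAmount does not fit uint88")
    if not 0 <= price < 2**80:
        raise ValueError("price does not fit uint80")


def original_check(erc_amount: int, price: int, min_bid_eth: int = MIN_BID_ETH, mul=plain_mul) -> int:
    """The two lines quoted in the submission: compute eth and revert if undersized."""
    _check_ranges(erc_amount, price)
    eth = mul(erc_amount, price)
    if eth < min_bid_eth:
        raise OrderUnderMinimumSize(f"eth={eth} < minBidEth={min_bid_eth}")
    return eth


def recommended_check(erc_amount: int, price: int, min_bid_eth: int = MIN_BID_ETH, mul=plain_mul) -> int:
    """The submission's recommended replacement, with its two extra require() statements."""
    _check_ranges(erc_amount, price)
    if erc_amount == 0:
        raise InvalidInput("Invalid ercAmount")
    if price == 0:
        raise InvalidInput("Invalid price")
    eth = mul(erc_amount, price)
    if eth < min_bid_eth:
        raise OrderUnderMinimumSize("Bid value is below the minimum")
    return eth


def accepts(check, erc_amount: int, price: int, min_bid_eth: int = MIN_BID_ETH, mul=plain_mul) -> bool:
    """True if the bid passes the given check, False if it reverts for any reason."""
    try:
        check(erc_amount, price, min_bid_eth, mul)
        return True
    except (OrderUnderMinimumSize, InvalidInput):
        return False


def checks_disagree(cases, min_bid_eth: int = MIN_BID_ETH, mul=plain_mul):
    """Return the (ercAmount, price) pairs on which the original and the
    recommended check reach different accept/revert decisions."""
    return [
        (erc, price)
        for erc, price in cases
        if accepts(original_check, erc, price, min_bid_eth, mul)
        != accepts(recommended_check, erc, price, min_bid_eth, mul)
    ]


# Constructed inputs: the submission's scenario plus boundary and well-formed bids.
SAMPLE_BIDS = [
    (1, 1000),          # the submission's "high price, tiny ercAmount" bid
    (0, 2**80 - 1),     # zero ercAmount, maximum uint80 price
    (2**88 - 1, 0),     # zero price, maximum uint88 ercAmount
    (10 * WAD, 1),      # exactly 10 ETH under plain multiplication
    (10 * WAD - 1, 1),  # one wei short of the minimum
    (5 * WAD, 2),       # 10 ETH reached through a larger price
]


if __name__ == "__main__":
    for erc, price in SAMPLE_BIDS:
        orig = "accept" if accepts(original_check, erc, price) else "revert"
        rec = "accept" if accepts(recommended_check, erc, price) else "revert"
        print(f"ercAmount={erc:<28} price={price:<26} original={orig:<7} recommended={rec}")
    print("disagreements:", checks_disagree(SAMPLE_BIDS))
```

Run the file to print the accept/revert decision of both checks side by side for each sample bid. `checks_disagree` returns the inputs on which the two checks differ; for the sample set it is empty under either multiplication reading, because a zero ercAmount or zero price already yields eth = 0 < minBidEth and is therefore rejected by the original check as well, only with a different error.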

Lead Judging Commences

0xnevi Lead Judge
over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
