At the deposit stage, a large minSharesAmt is not checked, and the contract status is changed to Deposit. The value is only checked at the next stage, processDeposit, where it is guaranteed to cause a failure. Since the status change affects the entire contract, a large number of malicious Deposits can disrupt the normal progress of business.
The uint256 minSharesAmt in DepositParams is chosen by the user at Deposit time. If it is set to a large value, the state is still successfully changed to Deposit, but the checks in subsequent phases cannot be passed, and the transaction will fail.
Issuing malicious Deposits in large quantities disrupts normal business operations.
Manual
Set a realistic upper limit on minSharesAmt.
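A sketch of this recommendation, added here as an example and not taken from the audited project's code: a simplified two-step vault whose deposit step rejects a minSharesAmt above an upper bound before the status changes. The contract name, the Status enum, maxSharesFor and the 1:1 share pricing are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical, simplified model of a two-step deposit; not the audited project's code.
contract TwoStepVaultModel {
    enum Status { Open, Deposit }

    struct DepositParams {
        uint256 amt;           // assets supplied by the user
        uint256 minSharesAmt;  // user-chosen minimum shares to receive
    }

    Status public status = Status.Open;
    DepositParams private pending;
    address private depositor;
    mapping(address => uint256) public shares;

    // Assumed policy: this model mints shares 1:1 with assets, so no request
    // can legitimately expect more shares than this bound.
    function maxSharesFor(uint256 amt) public pure returns (uint256) {
        return amt;
    }

    function deposit(DepositParams calldata dp) external {
        require(status == Status.Open, "vault busy");
        require(dp.amt > 0, "empty deposit");
        // Added check: reject an unreachable minSharesAmt before any state change,
        // so a request that must fail in processDeposit never sets status to Deposit.
        require(dp.minSharesAmt <= maxSharesFor(dp.amt), "minSharesAmt too high");

        pending = dp;
        depositor = msg.sender;
        status = Status.Deposit;
    }

    // Second step, run after deposit (by a keeper or callback in this model).
    function processDeposit() external {
        require(status == Status.Deposit, "no pending deposit");
        uint256 minted = maxSharesFor(pending.amt);
        // The later check described in the finding; with the bound enforced in
        // deposit, the depositor's own parameter can no longer force it to fail.
        require(minted >= pending.minSharesAmt, "insufficient shares");

        shares[depositor] += minted;
        delete pending;
        status = Status.Open;
    }
}
```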