stake.link

DeFi, Hardhat, Bridge
27,500 USDC
Submission Details
Severity: medium
Invalid

An attacker can DOS calldata in `SDLPoolSecondary::onTokenTransfer` by sending wrong information due to no checks

Summary

An attacker can DOS calldata in SDLPoolSecondary::onTokenTransfer by sending wrong information due to no checks

Vulnerability Details

The function decodes _calldata assuming it contains a uint256 (lockId) and a uint64 (lockingDuration). This is a potential point of failure if _calldata does not conform to this format, which could result in a runtime error.

```solidity
function onTokenTransfer(
    address _sender,
    uint256 _value,
    bytes calldata _calldata
) external override {
    if (msg.sender != address(sdlToken) && !isTokenSupported(msg.sender)) revert UnauthorizedToken();
    if (_value == 0) revert InvalidValue();
    if (msg.sender == address(sdlToken)) {
        (uint256 lockId, uint64 lockingDuration) = abi.decode(_calldata, (uint256, uint64));
        if (lockId != 0) {
            _queueLockUpdate(_sender, lockId, _value, lockingDuration);
        } else {
            _queueNewLock(_sender, _value, lockingDuration);
        }
    } else {
        distributeToken(msg.sender);
    }
}
```

Impact

An attacker could DOS the contract with multiple transactions which could lead to loss of funds or at least the need for recovery actions.

Tools Used

Manual Review

Recommendations

Using a try-catch block around the abi.decode operation could allow the contract to handle decoding failures more gracefully, possibly logging an error and continuing or reverting with a clear error message. Additionally, validating the length and format of _calldata before attempting to decode it can prevent some of these issues.

Updates

Lead Judging Commences

0kage Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Design choice
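
For reference, an added example (not stake.link code and not part of the submission) of what explicit validation of the `(uint256, uint64)` payload looks like, assuming Solidity 0.8 with the default ABI coder v2, where `abi.decode` itself already reverts on a payload that is too short or whose second word does not fit in `uint64`. The contract, function and error names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

/// Added illustration only. Everything except the decoded tuple
/// (uint256 lockId, uint64 lockingDuration) is a hypothetical name.
contract LockCalldataCheckExample {
    error InvalidCalldataLength(uint256 length);
    error LockingDurationOutOfRange(uint256 value);

    /// Validates the payload before decoding, so malformed input fails with a
    /// named error instead of the empty revert produced by abi.decode.
    function decodeLockParams(bytes calldata _calldata)
        public
        pure
        returns (uint256 lockId, uint64 lockingDuration)
    {
        // (uint256, uint64) ABI-encodes to exactly two 32-byte words.
        // abi.decode alone would also accept trailing bytes; this is stricter.
        if (_calldata.length != 64) revert InvalidCalldataLength(_calldata.length);

        // Read the second word at full width to range-check it before decoding.
        uint256 rawDuration = uint256(bytes32(_calldata[32:64]));
        if (rawDuration > type(uint64).max) revert LockingDurationOutOfRange(rawDuration);

        (lockId, lockingDuration) = abi.decode(_calldata, (uint256, uint64));
    }

    /// Solidity's try/catch applies to external calls and contract creation,
    /// not to abi.decode directly, so the decode is routed through `this`.
    /// Intended for off-chain pre-checks: inside a token transfer callback,
    /// swallowing the failure would let the transfer complete with no lock
    /// queued, so reverting is the safer outcome there.
    function tryDecode(bytes calldata _calldata)
        external
        view
        returns (bool ok, uint256 lockId, uint64 lockingDuration)
    {
        try this.decodeLockParams(_calldata) returns (uint256 id, uint64 duration) {
            return (true, id, duration);
        } catch {
            return (false, 0, 0);
        }
    }
}
```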
