stake.link

DeFiHardhatBridge
27,500 USDC
Submission Details
Severity: medium
Invalid

External calls within a for loop allow denial-of-service (DoS) attacks

Summary

contracts/core/ccip/base/SDLPoolCCIPController.sol#139
contracts/core/ccip/SDLPoolCCIPControllerPrimary.sol#244-287
contracts/core/ccip/SDLPoolCCIPControllerPrimary.sol#56-93
contracts/core/ccip/WrappedTokenBridge.sol#140-147
The "pull over push" strategy suggests that instead of actively sending tokens to multiple addresses from the contract ("push" strategy), users should be allowed to withdraw tokens when they want to ("pull" strategy). This reduces the risk of denial-of-service attacks since external calls are made only when the user decides to withdraw funds, not when a contract function is triggered.

Vulnerability Details

The recoverTokens function in the SDLPoolCCIPController.sol contract is designed to transfer tokens from the current contract to a specific address. However, this function contains a for loop that makes an external call (safeTransfer) to a token contract on every iteration.

Impact

Risk of denial-of-service (DoS) attacks

Tools Used

Audit Wizard, Slither, ChatGPT

Recommendations

Making external calls in a loop is risky: if the number of iterations is very large, the transaction can exhaust its gas and fail, or become extremely costly. This could be used for denial of service if someone maliciously manipulates the number of tokens in _tokens. Prefer the pull-over-push approach described in the Summary, so that each external transfer happens in its own transaction when the recipient decides to withdraw.
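To make the push-versus-pull contrast concrete, here is an added example written for this page; it is not stake.link's code and does not reproduce the real recoverTokens implementation. The contract names PushRecovery and PullRecovery, the earmark and claim functions, the claimant mapping and the minimal SafeERC20Lite library are all hypothetical. The push variant walks the whole _tokens list in one transaction, so one reverting token or an over-long list fails the entire call; the pull variant only records who may take which token and lets each recipient withdraw one token per transaction.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the project's code. A minimal ERC-20 interface so the
// example compiles without external dependencies.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

// Hypothetical stand-in for OpenZeppelin's safeTransfer: reverts if the token
// reverts or returns false, tolerates tokens that return nothing.
library SafeERC20Lite {
    function safeTransfer(IERC20 token, address to, uint256 amount) internal {
        (bool ok, bytes memory data) = address(token).call(
            abi.encodeWithSelector(IERC20.transfer.selector, to, amount)
        );
        require(ok && (data.length == 0 || abi.decode(data, (bool))), "transfer failed");
    }
}

// "Push" variant: one call performs every external transfer. Any single token
// that reverts, or a list too long for the block gas limit, fails the whole call.
contract PushRecovery {
    using SafeERC20Lite for IERC20;
    address public owner;

    constructor() { owner = msg.sender; }

    function recoverTokens(address[] calldata _tokens, address _receiver) external {
        require(msg.sender == owner, "not owner");
        for (uint256 i = 0; i < _tokens.length; ++i) {
            IERC20 token = IERC20(_tokens[i]);
            token.safeTransfer(_receiver, token.balanceOf(address(this))); // external call per iteration
        }
    }
}

// "Pull" variant: the loop only writes storage; the external call moves to
// claim(), which handles exactly one token per transaction.
contract PullRecovery {
    using SafeERC20Lite for IERC20;
    address public owner;
    // token => address allowed to withdraw this contract's balance of that token
    mapping(address => address) public claimant;

    event Earmarked(address indexed token, address indexed receiver);
    event Claimed(address indexed token, address indexed receiver, uint256 amount);

    constructor() { owner = msg.sender; }

    function earmark(address[] calldata _tokens, address _receiver) external {
        require(msg.sender == owner, "not owner");
        for (uint256 i = 0; i < _tokens.length; ++i) {
            claimant[_tokens[i]] = _receiver; // storage write only, no external call
            emit Earmarked(_tokens[i], _receiver);
        }
    }

    function claim(address _token) external {
        require(claimant[_token] == msg.sender, "not claimant");
        IERC20 token = IERC20(_token);
        uint256 amount = token.balanceOf(address(this));
        emit Claimed(_token, msg.sender, amount);
        token.safeTransfer(msg.sender, amount); // single external call, isolated per token
    }
}
```

In the pull variant a token that reverts on transfer only blocks its own claim; every other earmarked token remains recoverable, and the gas cost of any one transaction is bounded regardless of how many tokens were earmarked. Whether this matters in practice depends on who controls _tokens: when the list is supplied by a trusted owner, the loop size and contents are not attacker-controlled, which is the point on which the judge's verdict below turns.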

Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
