The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: low
Valid

[H-02] The `SmartVaultManagerV5::mint` function does not impose a quantity limit on the `vault` created for each address, allowing users to create an unlimited number of `vaults`.

Description:

The `SmartVaultManagerV5::mint` function imposes no restrictions on the number of vaults that can be created per address. This means that users can create vaults without any limitations, severely deviating from the expected behavior of the functionality and potentially leading to the occurrence of DoS attacks.

Impact:

  1. Impact-01: Unlimited creation of vaults by users will result in DoS attacks when calling the `SmartVaultManagerV5::vaults` function.

  2. Impact-02: Users can create vaults without any limitations, severely disrupting the functionality of the protocol.

Proof of Concept:

Sorry, I currently don't know how to use Foundry to write a PoC. I will describe the attack scenario in detail:

  1. User Alex can create vaults without any limitation through the `SmartVaultManagerV5::mint` function (assuming the created number of vaults is sufficient to trigger a DoS).

  2. Then, when he calls the `SmartVaultManagerV5::vaults` function, the for loop in this function iterates through all the vaults created by users.

  3. This leads to a successful implementation of a DoS attack.

Recommended Mitigation:

Limit the number of vault creations per address, for example, the maximum allowed quantity of vaults created should not exceed 50.
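
A minimal sketch of the recommended per-address cap, added here as an example and not taken from The Standard's code base. The contract name `CappedVaultManager`, its storage layout, and the error and event names are hypothetical; only the limit of 50 comes from the submission.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Simplified stand-in for a vault manager (hypothetical, not the audited contract).
/// It models only the two behaviours the finding discusses: mint() and vaults().
contract CappedVaultManager {
    // Cap suggested in the submission's recommended mitigation.
    uint256 public constant MAX_VAULTS_PER_ADDRESS = 50;

    error VaultLimitReached(address owner, uint256 limit);
    event VaultMinted(address indexed owner, uint256 indexed tokenId);

    uint256 private lastTokenId;
    // Vault ids held by each owner; this is the list vaults() iterates over.
    mapping(address => uint256[]) private tokenIdsOf;

    /// Reverts once the caller already holds the maximum number of vaults,
    /// so the per-owner list can never grow past the cap through minting.
    /// Any other path that appends to tokenIdsOf (for example a transfer
    /// hook) would need the same check for the bound to hold.
    function mint() external returns (uint256 tokenId) {
        if (tokenIdsOf[msg.sender].length >= MAX_VAULTS_PER_ADDRESS) {
            revert VaultLimitReached(msg.sender, MAX_VAULTS_PER_ADDRESS);
        }
        tokenId = ++lastTokenId;
        tokenIdsOf[msg.sender].push(tokenId);
        emit VaultMinted(msg.sender, tokenId);
    }

    /// Bounded read: the loop body runs at most MAX_VAULTS_PER_ADDRESS times,
    /// which keeps the gas cost of the call predictable.
    function vaults() external view returns (uint256[] memory ids) {
        uint256[] storage owned = tokenIdsOf[msg.sender];
        ids = new uint256[](owned.length);
        for (uint256 i = 0; i < owned.length; i++) {
            ids[i] = owned[i];
        }
    }
}
```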

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

mint-precision

0x27281m Submitter
over 1 year ago
hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

vault-dos
