The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: high
Valid

Dos in `increasePosition` function

0xepley

Summary

The increasePosition function in the LiqudationPool smart contract has a potential Denial of Service (DoS) vulnerability

Vulnerability Details

In the increasePosition function, there is a call to consolidatePendingStakes, which iterates over the pendingStakes array. The loop inside consolidatePendingStakes may cause gas inefficiencies, especially if the array is large. As a result, the gas costs may increase significantly, making the increasePosition function prone to failure

function increasePosition(uint256 _tstVal, uint256 _eurosVal) external {
require(_tstVal > 0 || _eurosVal > 0);
consolidatePendingStakes();
ILiquidationPoolManager(manager).distributeFees();
if (_tstVal > 0) IERC20(TST).safeTransferFrom(msg.sender, address(this), _tstVal);
if (_eurosVal > 0) IERC20(EUROs).safeTransferFrom(msg.sender, address(this), _eurosVal);
pendingStakes.push(PendingStake(msg.sender, block.timestamp, _tstVal, _eurosVal));
addUniqueHolder(msg.sender);
}

increasePosition() function calls out to consolidatePendingStakes()

function consolidatePendingStakes() private {
uint256 deadline = block.timestamp - 1 days;
for (int256 i = 0; uint256(i) < pendingStakes.length; i++) {
PendingStake memory _stake = pendingStakes[uint256(i)];
if (_stake.createdAt < deadline) {
positions[_stake.holder].holder = _stake.holder;
positions[_stake.holder].TST += _stake.TST;
positions[_stake.holder].EUROs += _stake.EUROs;
deletePendingStake(uint256(i));
// pause iterating on loop because there has been a deletion. "next" item has same index
i--;
}
}
}

Now if you see this function then this function is ilterating over pendingStakes array and doing some computation, and once this function is complete the increasePosition function will call out to addUniqueHolder function which again literates over holders array and after checking an if statement the function is adding the address into holders array

function addUniqueHolder(address _holder) private {
for (uint256 i = 0; i < holders.length; i++) {
if (holders[i] == _holder) return;
}
holders.push(_holder);
}

As we can see that there are two For loops in the code and both are iterating over an array so if 1 of the array is large enough the function will revert subsequently reverting the whole increasePosition function.

Impact

The gas inefficiency in the increasePosition function can lead to a DoS vulnerability, causing transaction failures and hindering the proper execution of the smart contract. The issue is particularly critical as it involves core functions related to stake consolidation and fee distribution.

Tools Used

Manual Review

Recommendations

Break down this function into multiple functions

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

pendingstake-dos

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

pendingstake-high

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.