Summary

There are multiple functions inside the LiquidationPool which have a linear time complexity and depends on the traversal of holders and pendingStakes array, as more and more new holders join the protocol the length of holders array will increase, and thus as the input grows the time taken also grows leading to usage of more and more gas, but as there is a gaslimit which ensures that if gas used by a function call exceeds then it will get reverted with out of gas error and will not be executed.

As a result of which as the holders array size increases the gas usage will also increase of certain functions like getTstTotal, getStakeTotal, deleteHolder, addUniqueHolder, distributeFees, distributeAssets as they all depends on the size of holders and pendingStakes array and if the size of the array reaches to a point where the gas usage exceeds the limit then all these function will suffer from DoS and will also cause more other functions like LiquidationPoolManager::runLiquidation to also suffer from DoS and a user can never be liquidated.

Vulnerability Details

The vulnerability lies inside the whole LiquidationPool contract where the functions depends on the traversal of holders and pendingStakes array as the protocol attracts more new holders, the holders array size will increase and the gas usage by the functions mentioned above also increases.

Thus leading to gas usage exceeding the limit set on function calls and the major portion of LiquidationPool contract will suffer from DoS and will make all the functions of other contracts like LiquidationPoolManager to also suffer from DoS and as the runLiquidation function also depends on that portion of LiquidationPool thus leading to a scenario which will prevent the undercollateralized vault from getting liquidated.

Impact

• Undercollateralized vault can never be liquidated, leading to severe loss for protocol.

• Major functionalities of LiquidationPool will suffer from DoS.

Tools Used

Manual Review

Recommendations

As the LiquidationPool is designed in such a way that its major functionalities depends on the holders array, so to prevent DoS due to gas limits, there should be a limit on the holders participating in the protocol.