The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: high
Valid

consolidatePendingStakes function could hit the gas limit causing dos

0xCiphky

Summary

In the LiquidationPool contract, the increasePosition function allows users to open or increase their staking position, setting transactions in a pending state for at least one day. The consolidatePendingStakes function is then employed to finalize these positions. However, there's a potential risk of this function running out of gas, which could lead to a denial of service.

function increasePosition(uint256 _tstVal, uint256 _eurosVal) external {
require(_tstVal > 0 || _eurosVal > 0);
consolidatePendingStakes();
ILiquidationPoolManager(manager).distributeFees();
if (_tstVal > 0) IERC20(TST).safeTransferFrom(msg.sender, address(this), _tstVal);
if (_eurosVal > 0) IERC20(EUROs).safeTransferFrom(msg.sender, address(this), _eurosVal);
pendingStakes.push(PendingStake(msg.sender, block.timestamp, _tstVal, _eurosVal));
addUniqueHolder(msg.sender);
}

The consolidatePendingStakes function processes all eligible positions in the pendingStakes array that have been pending for over 24 hours. The absence of an upper limit on the array's size and the function's mechanism to loop through the entire array could result in gas consumption exceeding the block gas limit in scenarios with a large number of pending stakes.

function consolidatePendingStakes() private {
uint256 deadline = block.timestamp - 1 days;
for (int256 i = 0; uint256(i) < pendingStakes.length; i++) {
PendingStake memory _stake = pendingStakes[uint256(i)];
if (_stake.createdAt < deadline) {
positions[_stake.holder].holder = _stake.holder;
positions[_stake.holder].TST += _stake.TST;
positions[_stake.holder].EUROs += _stake.EUROs;
deletePendingStake(uint256(i));
// pause iterating on loop because there has been a deletion. "next" item has same index
i--;
}
}
}

This could potentially lead to consistently failing transactions due to excessive gas requirements, effectively causing a denial of service and hindering the staking process.

Impact:

If the consolidatePendingStakes function is unable to execute due to gas limitations, it would disrupt the normal operation of the LiquidationPool contract. This interruption could prevent the finalization of pending stakes, affecting the overall functionality of the staking mechanism.

Tools Used:

Manual analysis

Recommendation:

Modify the consolidatePendingStakes function to incorporate an early termination feature. Since the pendingStakes array is ordered from oldest to newest, the function should terminate as soon as it encounters the first stake that does not meet the 24-hour threshold. This approach will ensure efficient processing by only iterating through relevant stakes, significantly reducing the function's gas consumption.

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

pendingstake-dos

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

pendingstake-high

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.