The Standard

DeFiHardhat

20,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

`distributeFees` & `distributeAssets` may run out of gas and revert, resulting in holders/stakers not receiving their rewards/assets.

bhilare71

Summary

Not having a cap/upper limit on holder's array while adding unique holders using addUniqueHolder, might cause distrbuteFees & distributeAssets to run out of gas and revert , leading to holders not getting their rewards/assets.

Vulnerability Details

LiquidationPool::increasePosition() is meant to increase position of who is already a holder or adding a new unique holder by using LiquidationPool::addUniqueHolder()

function addUniqueHolder(address _holder) private {

for (uint256 i = 0; i < holders.length; i++) {

if (holders[i] == _holder) return;

}

holders.push(_holder);

}

function increasePosition(uint256 _tstVal, uint256 _eurosVal) external {

require(_tstVal > 0 || _eurosVal > 0);

consolidatePendingStakes();

ILiquidationPoolManager(manager).distributeFees();

if (_tstVal > 0) IERC20(TST).safeTransferFrom(msg.sender, address(this), _tstVal);

if (_eurosVal > 0) IERC20(EUROs).safeTransferFrom(msg.sender, address(this), _eurosVal);

pendingStakes.push(PendingStake(msg.sender, block.timestamp, _tstVal, _eurosVal));

addUniqueHolder(msg.sender);

}

Now while distribution of fees and assets through LiquidationPool::distributeFees() & LiquidationPool::distributeAssets(), holder's array is being iterated in order to distribute to all holders their respective rewards/assets.

An attacker could exploit this by sending small amounts of TST tokens / sEURO ("dust") from many different addresses, which would then be added as unique holders. This could artificially inflate the holders array, making the distributeAssets function potentially run out of gas when trying to distribute assets to a large number of holders.

Similar can happen for distributeFees function.

Impact

This would lead to holders not receiving their rewards/assets after liquidation process which they were meant to get for staking.

Likelihood of this scenario is very less, but if happens, does have a great impact, hence issued as MEDIUM risk.

Tools Used

Manual reviewing of codebase

Recommendations

To mitigate this, following recommendations can be implemented

A cap could be set on the number of holders OR
The distributeAssets & distributeFees function could implement a paging mechanism where it processes a set number of holders at a time. OR
There should be a minimum amount of TST / sEURO values that should be deposited while staking while using increasePosition in order to prevent from dust deposition.

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Known issue

Assigned finding tags:

informational/invalid

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

609

33 USDC / LOC

High Medium

17,500 USDC

Low

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.