Description:
The following functions all make sub-function calls that iterate over the pendingStakes array: LiquidationPool::increasePosition(), LiquidationPool::decreasePosition(), LiquidationPool::distributeAssets(), LiquidationPoolManager::distributeFees(), LiquidationPoolManager::runLiquidation(), and LiquidationPool::distributeFees(). These sub-functions, in turn, loop through the pendingStakes array to find the user's position before taking action.
Impact:
If the pendingStakes array becomes excessively long, iterating over it leads to an Out of Gas error and the protocol enters an unresponsive state, putting users' funds at severe risk. The consequences range from loss of funds to the death of the protocol.
Proof of Concept:
A malicious actor could disrupt the network by creating numerous addresses and spamming the network with transactions. This could result in the pendingStakes array becoming too long to iterate over efficiently, effectively preventing withdrawals.
Proof of Code:
Tools Used:
Manual review
Foundry
Recommended Mitigation Steps:
Consider alternative design structures that are more gas-efficient. For example, explore the use of mappings instead of arrays or incorporate the EnumerableMap library by OpenZeppelin.
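A sketch of the mapping-based layout suggested above, added here as an illustration and not taken from the audited contracts: each holder's pending stake is read and removed in constant gas, with an index mapping kept alongside the array so enumeration is still possible. The contract name, struct fields and function names are all hypothetical, and token transfers and access control are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration: all names are hypothetical, not the protocol's own code.
// Bookkeeping only; token transfers and access control are omitted.
contract PendingStakeBook {
    struct Pending { uint256 amount; uint256 createdAt; }

    mapping(address => Pending) private pendingOf; // O(1) lookup by holder
    address[] private holders;                     // kept only for enumeration
    mapping(address => uint256) private slotOf;    // 1-based index, 0 = absent

    // Add to the caller's pending stake without scanning any array.
    function addPending(uint256 amount) external {
        require(amount > 0, "zero amount");
        if (slotOf[msg.sender] == 0) {
            holders.push(msg.sender);
            slotOf[msg.sender] = holders.length;
        }
        Pending storage p = pendingOf[msg.sender];
        p.amount += amount;
        p.createdAt = block.timestamp;
    }

    // Remove the caller's pending stake in constant gas (swap-and-pop).
    function cancelPending() external returns (uint256 amount) {
        uint256 slot = slotOf[msg.sender];
        require(slot != 0, "no pending stake");
        amount = pendingOf[msg.sender].amount;

        address last = holders[holders.length - 1];
        holders[slot - 1] = last;   // move last holder into the freed slot
        slotOf[last] = slot;
        holders.pop();

        delete slotOf[msg.sender];  // also correct when msg.sender == last
        delete pendingOf[msg.sender];
    }

    function pendingAmount(address holder) external view returns (uint256) {
        return pendingOf[holder].amount;
    }

    function pendingCount() external view returns (uint256) {
        return holders.length;
    }
}
```

The gas cost of addPending and cancelPending does not depend on how many other holders exist, so one user's action cannot be priced out by the size of the set.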