MorpheusAI

Foundry
22,500 USDC
Submission Details
Severity: medium
Invalid

Denial-of-Service (DoS) Risk in manageUsersInPrivatePool Function Due to Equal Deposited Amount

Summary

In the Distribution.sol:manageUsersInPrivatePool function, a DoS condition can occur if a user's deposited amount is equal to the amount specified in the function call.

Vulnerability Details

When a user's deposited amount is exactly equal to the amount specified in the manageUsersInPrivatePool function call, this can potentially result in a denial-of-service (DoS) scenario where the affected user is unable to deposit into the private pool due to a conflict in the state of their deposited amount.

function manageUsersInPrivatePool(
    uint256 poolId_,
    address[] calldata users_,
    uint256[] calldata amounts_
) external onlyOwner poolExists(poolId_) {
    require(!pools[poolId_].isPublic, "DS: pool is public");
    require(users_.length == amounts_.length, "DS: invalid length");

    uint256 currentPoolRate_ = _getCurrentPoolRate(poolId_);

    for (uint256 i; i < users_.length; ++i) {
        address user_ = users_[i];
        uint256 amount_ = amounts_[i];
        uint256 deposited_ = usersData[user_][poolId_].deposited;

        // What if the user has the same deposited amount that they are trying to deposit again?
        if (deposited_ < amount_) {
            _stake(user_, poolId_, amount_ - deposited_, currentPoolRate_);
        } else if (deposited_ > amount_) {
            _withdraw(user_, poolId_, deposited_ - amount_, currentPoolRate_);
        }
    }
}

Impact

The vulnerability can lead to a DoS scenario where affected users are unable to deposit into the private pool.

Tools Used

Manual code review

Recommendations

Implement logic other than the strict check inside the if condition.

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
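
To make the branch behaviour of the quoted loop concrete, here is a Python model of it, added as an example; it is not the project's code and not part of the submission or the judgement. It assumes that _stake and _withdraw change the user's deposited balance by exactly the delta passed in, and it leaves out the pool rate accounting; the class name, user name and amounts are constructed.

```python
# Added illustration: a Python model of the reconciliation loop in
# manageUsersInPrivatePool. Pool rate accounting is left out.

class PrivatePoolModel:
    def __init__(self):
        self.deposited = {}   # user -> deposited amount
        self.calls = []       # record of ("stake" | "withdraw", user, delta)

    # Assumption: _stake raises the user's deposited balance by delta.
    def _stake(self, user, delta):
        self.deposited[user] = self.deposited.get(user, 0) + delta
        self.calls.append(("stake", user, delta))

    # Assumption: _withdraw lowers the user's deposited balance by delta.
    def _withdraw(self, user, delta):
        self.deposited[user] -= delta
        self.calls.append(("withdraw", user, delta))

    def manage_users(self, users, amounts):
        if len(users) != len(amounts):
            raise ValueError("DS: invalid length")
        for user, amount in zip(users, amounts):
            current = self.deposited.get(user, 0)
            if current < amount:
                self._stake(user, amount - current)
            elif current > amount:
                self._withdraw(user, current - amount)
            # current == amount: neither branch runs, no revert, no state change


def run_sequence():
    """Constructed sequence: raise, repeat the same amount, lower, raise again."""
    pool = PrivatePoolModel()
    trace = []
    for target in (100, 100, 40, 250):
        pool.manage_users(["alice"], [target])
        trace.append((target, pool.deposited["alice"], len(pool.calls)))
    return pool, trace


if __name__ == "__main__":
    pool, trace = run_sequence()
    for target, balance, n_calls in trace:
        print(f"amount_={target:>3}  deposited={balance:>3}  internal calls so far={n_calls}")
```

In this model each amounts_ entry acts as a target balance: the second call with 100 makes no internal call, and the later call with 250 still stakes the difference.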
