Moonwell

DeFiFoundry

15,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Gas limit exceedance in `fixUser` function

0xVinylDavyl

Summary

The fixUser function in the MErc20DelegateFixer contract executes several operations within a single transaction, leading to potential gas limit exceedance. This possibly resulting in incomplete or failed transactions, causing user frustration, wasted gas fees, and potential disruption of protocol operations.

Vulnerability Details

Arises from the fixUser function performing multiple operations, including balance updates and event emissions, within a single transaction.

function fixUser(address liquidator, address user) external {

require(msg.sender == admin, "only the admin may call fixUser");

require(liquidator != user, "liquidator cannot be user");

require(accrueInterest() == 0, "accrue interest failed");

uint256 principal = borrowBalanceStored(user);

require(principal != 0, "cannot liquidate user without borrows");

accountBorrows[user].principal = 0;

accountBorrows[user].interestIndex = borrowIndex;

uint256 liquidated = accountTokens[user];

if (liquidated != 0) {

accountTokens[liquidator] = SafeMath.add(accountTokens[liquidator], liquidated);

delete accountTokens[user];

}

badDebt = SafeMath.add(badDebt, principal);

totalBorrows = SafeMath.sub(totalBorrows, principal);

emit UserFixed(user, liquidator, liquidated);

}

Impact

Gas limit exceedance can lead to incomplete or failed transactions, resulting in user frustration, wasted gas fees, and potential disruption of protocol operations. Users may experience difficulties interacting with the contract, leading to a negative user experience and loss of trust in the protocol.

Tools Used

Manual

Recommendations

Split Complex Operations: Split the fixUser function into multiple transactions to reduce the computational load and gas consumption per transaction.
Optimize Gas Usage: Analyze and optimize the gas usage of each operation within the fixUser function to minimize gas consumption and ensure transactions can be executed within the gas limit.
Use Gas Estimation: Implement gas estimation mechanisms to provide users with estimates of gas costs before executing transactions, allowing them to adjust transaction parameters or gas fees accordingly.

Updates

Lead Judging Commences

0xnevi Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Lack of quality

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

394

38 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Judges

1,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.