DoS attack on the keeper during filling off-chain orders.
While the keeper is filling off-chain orders, it can be DoSed by an attacker who signs an off-chain order that meets at least one of the following conditions:
Changing the nonce before the fill, by calling cancelAllOffchainOrders.
https://github.com/Cyfrin/2024-07-zaros/blob/main/src/perpetuals/branches/SettlementBranch.sol#L237
https://github.com/Cyfrin/2024-07-zaros/blob/main/src/perpetuals/branches/OrderBranch.sol#L36
Transferring the account to another address, leading to changing of the owner.
https://github.com/Cyfrin/2024-07-zaros/blob/main/src/perpetuals/branches/SettlementBranch.sol#L269
sizeDelta = 0
https://github.com/Cyfrin/2024-07-zaros/blob/main/src/perpetuals/branches/SettlementBranch.sol#L219
So, an attacker can easily sign an off-chain order and, when it is about to be filled, apply any of the above conditions. The transaction will revert, and all the other off-chain orders in the offchainOrders array will not be executed either. This will revert the keeper's whole transaction.
https://github.com/Cyfrin/2024-07-zaros/blob/main/src/perpetuals/branches/SettlementBranch.sol#L188
DoS on the keeper while filling off-chain orders.
The reverts during filling off-chain orders should be replaced with continue, so in case of such failures/DoS the transaction simply skips that specific order.
If you send 1 cancel and 1 create it should still run the cancel, not revert everything.
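The recommendation above as an added sketch (not code from the Zaros repository or from this report): a batch loop that skips an order failing any of the three checks instead of reverting. All contract, function and field names are hypothetical, and signature recovery and keeper access control are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added sketch; every name here is hypothetical and not taken from Zaros.
/// Signature recovery and keeper-only access control are omitted.
contract BatchFillSketch {
    struct OffchainOrder {
        uint128 accountId;
        int128 sizeDelta;
        uint120 nonce;
        address signer; // stands in for the address recovered from the signature
    }

    mapping(uint128 => address) public ownerOf;   // current account owner
    mapping(uint128 => uint120) public nonceOf;   // current off-chain order nonce
    mapping(uint128 => int256) public filledSize; // stand-in for settlement

    event OrderSkipped(uint256 indexed index, uint128 accountId, string reason);

    /// Hypothetical setup helper, unrestricted in this sketch; also models a transfer.
    function setOwner(uint128 accountId) external { ownerOf[accountId] = msg.sender; }

    /// Assumption: cancelling invalidates signed orders by bumping the nonce.
    function cancelAllOffchainOrders(uint128 accountId) external {
        require(msg.sender == ownerOf[accountId], "not owner");
        nonceOf[accountId]++;
    }

    function fillOffchainOrders(OffchainOrder[] calldata orders) external returns (uint256 filled) {
        for (uint256 i = 0; i < orders.length; i++) {
            OffchainOrder calldata order = orders[i];
            // Each check below is a revert in the pattern the finding
            // describes; skipping keeps one bad order from blocking the rest.
            if (order.sizeDelta == 0) {
                emit OrderSkipped(i, order.accountId, "zero sizeDelta");
                continue;
            }
            if (order.nonce != nonceOf[order.accountId]) {
                emit OrderSkipped(i, order.accountId, "stale nonce");
                continue;
            }
            if (order.signer != ownerOf[order.accountId]) {
                emit OrderSkipped(i, order.accountId, "signer is not owner");
                continue;
            }
            filledSize[order.accountId] += order.sizeDelta;
            filled++;
        }
    }
}
```

The OrderSkipped event lets the keeper see which entries were dropped and why, so a skipped order does not fail silently.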