DeFiFoundry
60,000 USDC
Submission Details
Severity: medium
Invalid

Unrestricted Account Creation and Overflow Risk in `createTradingAccount` Function

Summary

The vulnerability in the createTradingAccount function has two parts. First, there is no limit on the number of trading accounts a single msg.sender can create, so an attacker can generate an excessive number of accounts. Second, each new account's tradingAccountId is assigned by incrementing globalConfiguration.nextAccountId. Because nextAccountId is a uint128, it is susceptible to overflow.
This means that if an attacker creates enough accounts, nextAccountId could exceed its maximum value, leading to unintended behaviour or further vulnerabilities in the system.

Vulnerability Details

The createTradingAccountAndMulticall function in the TradingAccountBranch contract allows multiple calls to createTradingAccount within a single transaction. Combined with the potentially low transaction fees on Arbitrum, this creates a severe vulnerability that could lead to rapid account creation, overflow of the account counter, and denial of service.

Example Scenario
An attacker calls createTradingAccount repeatedly using createTradingAccountAndMulticall.

An attacker can create hundreds or thousands of accounts in a single transaction.

They can do this until nextAccountId reaches its maximum value (2^128 - 1).

nextAccountId is a uint128, which can be more quickly overflowed with this method.

Subsequent calls will revert due to overflow.

This is a concern because creating an account and minting an NFT is free. An attacker can exploit this to flood the system with excessive accounts or NFTs at no cost, exacerbating the vulnerabilities related to account creation and potential overflow.

Impact

Overflow Risk: If nextAccountId overflows, it would prevent any new accounts from being created, effectively halting the system.

Denial of Service: An attacker could mint an excessive number of NFTs, causing a denial of service for other users.

Tools Used

Manual Review

Recommendations

To address the vulnerability, it is recommended to implement a limit on the number of accounts that a single user (msg.sender) can create.
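The following sketch illustrates the recommended per-sender cap; it is an added example, not DeFiFoundry's code. The contract, storage and function names, the cap value, and the simplified multicall loop (the real createTradingAccountAndMulticall takes encoded calldata) are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative mitigation sketch (assumed names, not project code).
contract TradingAccountBranchSketch {
    struct GlobalConfiguration {
        uint128 nextAccountId;
    }

    GlobalConfiguration internal globalConfiguration;

    /// Assumed cap; the report leaves the exact number to the protocol.
    uint256 public constant MAX_ACCOUNTS_PER_SENDER = 10;

    mapping(address => uint256) public accountsCreatedBy;
    mapping(uint128 => address) public ownerOf;

    error AccountLimitReached(address sender, uint256 limit);

    event TradingAccountCreated(uint128 indexed tradingAccountId, address indexed owner);

    /// Before the fix there is no cap, so one multicall mints as many ids as gas
    /// allows. With the cap, each msg.sender is bounded; batching through the
    /// multicall no longer multiplies a single sender's output. Note that a
    /// per-sender cap only raises the cost to one fresh address per
    /// MAX_ACCOUNTS_PER_SENDER accounts, so a creation fee is the stronger
    /// answer to the "minting is free" concern.
    function createTradingAccount() public returns (uint128 tradingAccountId) {
        uint256 created = accountsCreatedBy[msg.sender];
        if (created >= MAX_ACCOUNTS_PER_SENDER) {
            revert AccountLimitReached(msg.sender, MAX_ACCOUNTS_PER_SENDER);
        }
        accountsCreatedBy[msg.sender] = created + 1;

        // Solidity >= 0.8 checked arithmetic reverts instead of wrapping, so the
        // id can never silently overflow; reaching 2^128 - 1 by sequential
        // increments is not feasible in practice either way.
        tradingAccountId = ++globalConfiguration.nextAccountId;
        ownerOf[tradingAccountId] = msg.sender;
        emit TradingAccountCreated(tradingAccountId, msg.sender);
    }

    /// Simplified stand-in for the multicall entry point: the cap is enforced
    /// per inner call, not per transaction, so batching cannot bypass it.
    function createTradingAccountBatch(uint256 count) external returns (uint128 lastId) {
        for (uint256 i = 0; i < count; i++) {
            lastId = createTradingAccount();
        }
    }
}
```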

Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
