DeFiFoundry
60,000 USDC
Submission Details
Severity: medium
Invalid

Potential Denial of Service via checkUpkeep function

Relevant GitHub Links

https://github.com/Cyfrin/2024-07-zaros/blob/main/src/external/chainlink/keepers/liquidation/LiquidationKeeper.sol#L44-L88

Summary

The checkUpkeep function decodes checkData and validates the decoded bounds, but it does not limit the size of the data it processes. Oversized checkData inputs could therefore drive gas consumption far above what the keeper expects.

Vulnerability Details

Unchecked Input Size: There is no limit on the size of checkData, potentially leading to high gas usage.

Impact

Denial of Service: Large inputs could cause the transaction to revert due to out-of-gas errors, leading to service disruption.

Tools Used

Manual

Recommendations

Input Size Limits: Implement checks to limit the size of checkData to ensure it stays within reasonable bounds.

```solidity
// Original modifier
modifier onlyForwarder {
    require(msg.sender == forwarder, "Not authorized");
    _;
}

// Updated modifier with additional access control (lines marked "added")
modifier onlyAuthorized() {                                                    // added
    require(msg.sender == forwarder || msg.sender == owner(), "Not authorized"); // added
    _;                                                                         // added
}                                                                              // added

function performUpkeep(bytes calldata peformData) external override onlyAuthorized {
    uint128[] memory accountsToBeLiquidated = abi.decode(peformData, (uint128[]));
    LiquidationKeeperStorage storage self = _getLiquidationKeeperStorage();
    (IPerpsEngine perpsEngine) = (self.perpsEngine);
    perpsEngine.liquidateAccounts(accountsToBeLiquidated);
}
```
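The input-size limit recommended above, as an added example that is not the Zaros LiquidationKeeper code. The contract, its storage, the constants MAX_CHECK_RANGE and CHECKDATA_LENGTH, and the assumption that checkData is abi.encode(uint256 lowerBound, uint256 upperBound) are all illustrative choices made here; the point is that the raw calldata length, the ordering of the decoded bounds, and the amount of work those bounds can request are each capped before any loop runs.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative Chainlink Automation keeper (hypothetical, not the Zaros contract).
/// checkData is assumed to be abi.encode(uint256 lowerBound, uint256 upperBound);
/// the keeper inspects account ids in [lowerBound, upperBound) and proposes
/// the liquidatable ones as performData.
contract BoundedCheckUpkeepExample {
    /// Maximum number of accounts one checkUpkeep call may inspect (assumed value).
    uint256 public constant MAX_CHECK_RANGE = 200;
    /// Exact calldata size accepted for checkData: two 32-byte ABI words.
    uint256 public constant CHECKDATA_LENGTH = 64;

    error InvalidCheckDataLength(uint256 got, uint256 expected);
    error InvalidBounds(uint256 lowerBound, uint256 upperBound);
    error CheckRangeTooLarge(uint256 size, uint256 max);

    /// Stand-in for the perps engine's liquidatability query (constructed for the example).
    mapping(uint128 => bool) public liquidatable;

    function setLiquidatable(uint128 accountId, bool value) external {
        liquidatable[accountId] = value;
    }

    function checkUpkeep(bytes calldata checkData)
        external
        view
        returns (bool upkeepNeeded, bytes memory performData)
    {
        // 1. Bound the raw input size before decoding anything.
        if (checkData.length != CHECKDATA_LENGTH) {
            revert InvalidCheckDataLength(checkData.length, CHECKDATA_LENGTH);
        }
        (uint256 lowerBound, uint256 upperBound) = abi.decode(checkData, (uint256, uint256));

        // 2. Validate ordering and keep ids inside the uint128 account-id space.
        if (lowerBound >= upperBound || upperBound > type(uint128).max) {
            revert InvalidBounds(lowerBound, upperBound);
        }

        // 3. Bound the amount of work the decoded input can request.
        uint256 size = upperBound - lowerBound;
        if (size > MAX_CHECK_RANGE) revert CheckRangeTooLarge(size, MAX_CHECK_RANGE);

        // The loop below is now limited to MAX_CHECK_RANGE iterations.
        uint128[] memory candidates = new uint128[](size);
        uint256 found;
        for (uint256 i = lowerBound; i < upperBound; i++) {
            if (liquidatable[uint128(i)]) {
                candidates[found++] = uint128(i);
            }
        }
        if (found == 0) return (false, "");

        // Trim the array to the number of hits before encoding it.
        assembly {
            mstore(candidates, found)
        }
        return (true, abi.encode(candidates));
    }
}
```

The length check on the calldata is the cheapest guard and rejects malformed input before abi.decode runs; the range cap is the one that actually bounds gas, since the loop count is derived from the decoded values rather than from the calldata size alone.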
Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
