The contract LiquidationBranch handles the logic for checking if accounts are liquidatable and then potentially applies a liquidation process on those accounts.
In checkLiquidatableAccounts, two input parameters lowerBound and upperBound are expected to establish boundaries for the set of accounts to be checked for liquidation.
This line of code could lead to an underflow issue. If the user provides lowerBound greater than upperBound, the subtraction will result in a large positive integer due to underflow mechanics in Solidity, which could lead to a Denial of Service attack as the contract attempts to allocate an overly large amount of memory.
DOS attack
To mitigate this issue, it is recommended to perform an explicit check before initializing the liquidatableAccountsIds array:
This will ensure that upperBound is always equal to or greater than lowerBound and prevent the potential underflow issue. Utilizing tools such as SafeMath can also be helpful to prevent such underflows or overflows in other mathematical operations.
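The following sketch is an added example, not the audited LiquidationBranch code: it shows the wrapped length that results when lowerBound exceeds upperBound, next to a range function that validates the bounds before sizing the array. The contract name, the InvalidBounds error, the accountIds storage array, both function names and the assumption that the array length is computed as upperBound - lowerBound are hypothetical; the clamp to the stored length goes one step beyond the check recommended above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration; not the audited LiquidationBranch code.
/// Assumption: the result array is sized as `upperBound - lowerBound`.
contract BoundsCheckExample {
    error InvalidBounds(uint256 lowerBound, uint256 upperBound);

    // Constructed stand-in for the account ids that a range call walks over.
    uint128[] internal accountIds;

    constructor() {
        for (uint128 i = 1; i <= 5; i++) accountIds.push(i);
    }

    /// Wrapping subtraction, as on compilers before 0.8 or inside `unchecked`.
    /// (On 0.8 and later, a checked subtraction reverts instead of wrapping.)
    /// rangeSizeWrapping(5, 2) returns 2**256 - 3, a length that
    /// `new uint128[](n)` cannot allocate, so the call fails.
    function rangeSizeWrapping(uint256 lowerBound, uint256 upperBound)
        public
        pure
        returns (uint256 size)
    {
        unchecked {
            size = upperBound - lowerBound;
        }
    }

    /// Hardened form: reject inverted bounds before any allocation.
    function checkRange(uint256 lowerBound, uint256 upperBound)
        external
        view
        returns (uint128[] memory ids)
    {
        if (lowerBound > upperBound) revert InvalidBounds(lowerBound, upperBound);

        // Clamp to the stored ids so a valid but huge range cannot
        // request an oversized allocation either.
        uint256 end = upperBound > accountIds.length ? accountIds.length : upperBound;
        if (lowerBound >= end) return new uint128[](0);

        ids = new uint128[](end - lowerBound);
        for (uint256 i = lowerBound; i < end; i++) {
            ids[i - lowerBound] = accountIds[i];
        }
    }
}
```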