Fjord Token Staking
Fjord
DeFiFoundry
20,000 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

Denial of Service (DoS) in FjordAuction::auctionEnd()

sidhack3r11

Summary

https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordAuction.sol

The auctionEnd() function burns all FjordPoints held by the contract at the end of the auction using the fjordPoints.burn() function. If the contract accumulates a large amount of FjordPoints, the burn operation could exceed the gas limit, causing the transaction to fail. As a result, the auction cannot be ended, leading to a denial of service (DoS) for all users.

Impact

DoS Attack: The auction would remain in a locked state, preventing users from claiming their tokens.

User Frustration: Users would be unable to finalize their participation in the auction, leading to a poor user

Tools Used

Manual Review

Recommendations

Batch the burn operation to reduce the gas consumption per transaction. Alternatively, consider an off-chain burn process or a mechanism to incrementally burn tokens over time

function auctionEnd() external {
// Existing code
// Batch burn FjordPoints to avoid gas limit issues
uint256 pointsToBurn = fjordPoints.balanceOf(address(this));
batchBurn(pointsToBurn); // Implement a batch burn function
}
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Lack of quality

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.