The protocol is vulnerable to denial-of-service (DoS) attacks resulting from address blacklisting. If critical addresses, such as the capital pool address, are blacklisted by a token contract, it could lead to the permanent freezing of all protocol funds.
Certain tokens, such as USDC, have mechanisms that allow for the blacklisting of addresses. If the capitalPoolAddr were to be blacklisted, all funds held in the protocol's capital pool would become inaccessible. This would effectively lock all protocol assets and prevent users from accessing their funds.
All users' and protocol funds could be permanently frozen, leading to significant financial losses and a loss of trust in the protocol's reliability.
Manual Review
Implement safeguards to mitigate the risk of address blacklisting, such as:
Diversifying capital pool addresses across multiple token contracts to reduce reliance on a single token that may support blacklisting.
Regularly auditing and monitoring the status of critical addresses to ensure they are not blacklisted.
Using alternative tokens that do not have blacklisting features to enhance the security of protocol funds.
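One way to do the monitoring recommended above, as an added example that is not part of the original finding or the protocol's code: it builds the `eth_call` for USDC's `isBlacklisted(address)` view function and decodes the reply for each critical address. The addresses, the `treasury` entry and the `fake_send` transport are constructed placeholders; a real deployment would pass a function that posts the payload to its own RPC node.

```python
# Function selector of isBlacklisted(address) as exposed by USDC (FiatToken).
# Other blacklistable tokens may use a different function name and selector.
IS_BLACKLISTED_SELECTOR = "fe575a87"

def build_eth_call(token: str, account: str, req_id: int = 1) -> dict:
    """JSON-RPC eth_call payload asking `token` whether `account` is blacklisted."""
    addr = account.lower().removeprefix("0x")
    if len(addr) != 40 or any(c not in "0123456789abcdef" for c in addr):
        raise ValueError(f"not a 20-byte hex address: {account!r}")
    # ABI encoding: 4-byte selector, then the address left-padded to 32 bytes.
    data = "0x" + IS_BLACKLISTED_SELECTOR + addr.rjust(64, "0")
    return {"jsonrpc": "2.0", "id": req_id, "method": "eth_call",
            "params": [{"to": token, "data": data}, "latest"]}

def decode_bool(response: dict) -> bool:
    """Decode an ABI-encoded bool; fail loudly rather than report 'not blacklisted'."""
    if "error" in response:
        raise RuntimeError(f"RPC error: {response['error']}")
    raw = response.get("result", "").removeprefix("0x")
    if len(raw) != 64:
        raise ValueError("expected 32 bytes of return data (token may lack isBlacklisted)")
    return int(raw, 16) != 0

def check_critical_addresses(token: str, critical: dict, send) -> list:
    """Return the names of critical addresses the token reports as blacklisted.
    `send` is any callable that submits a JSON-RPC payload and returns the reply."""
    flagged = []
    for i, (name, addr) in enumerate(critical.items(), start=1):
        if decode_bool(send(build_eth_call(token, addr, i))):
            flagged.append(name)
    return flagged

# Constructed sample data: placeholder token and protocol addresses.
TOKEN = "0x" + "aa" * 20
CRITICAL = {"capitalPoolAddr": "0x" + "11" * 20, "treasury": "0x" + "22" * 20}

def fake_send(payload: dict) -> dict:
    """Stand-in for a node: reports only the 0x11..11 address as blacklisted."""
    blocked = payload["params"][0]["data"].endswith("11" * 20)
    return {"jsonrpc": "2.0", "id": payload["id"], "result": "0x" + f"{int(blocked):064x}"}

if __name__ == "__main__":
    for name in check_critical_addresses(TOKEN, CRITICAL, fake_send):
        print(f"ALERT: {name} is blacklisted by {TOKEN}")
```

Malformed or empty return data raises instead of being read as "not blacklisted", so a token without this function cannot silently pass the check.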