Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: medium
Invalid

The deposit function adds addresses to the accounts array, which has no bound and can grow large enough to cause out-of-gas (OOG) failures

Summary

When users deposit, the deposit function adds their address to the accounts array. Over time this array will grow very large and cause a DoS in the system.

Vulnerability Details

The deposit function keeps adding new addresses to the accounts array. Over time, the size of this array will cause a DoS in the system.

One of the affected functions that loops through this array is getAccountData(), which is used to generate the Merkle tree.

This can happen naturally or as the result of a cyber griefing attack.

https://github.com/Cyfrin/2024-09-stakelink/blob/main/contracts/core/priorityPool/PriorityPool.sol#L636

    function _deposit(
        ...
        if (toDeposit != 0) {
            if (_shouldQueue) {
                _requireNotPaused();
                if (accountIndexes[_account] == 0) {
    @->             accounts.push(_account);
                    accountIndexes[_account] = accounts.length - 1;
                }
                accountQueuedTokens[_account] += toDeposit;
                totalQueued += toDeposit;
            } else {
                token.safeTransfer(_account, toDeposit);
            }
        }
        emit Deposit(_account, _amount - toDeposit, _shouldQueue ? toDeposit : 0);
    }

Impact

The following functions will be DOSed.

  1. getAccounts() https://github.com/Cyfrin/2024-09-stakelink/blob/main/contracts/core/priorityPool/PriorityPool.sol#L159

  2. getAccountData() https://github.com/Cyfrin/2024-09-stakelink/blob/main/contracts/core/priorityPool/PriorityPool.sol#L461

  3. The getAccountData() function is required to compute the Merkle tree, so this could lead to funds being stuck.

Tools Used

Manual Analysis

Recommendations

  1. Limit the size of the account array.

  2. Implement a minimum deposit.
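
A sketch of both recommendations applied to the queueing branch shown above, plus a paged read that goes beyond the two recommendations. This is an added example, not code from the Stakelink repository or from the submission. The contract name, `MAX_ACCOUNTS`, `MIN_QUEUE_DEPOSIT`, the error names, `getAccountsPage` and the index-0 sentinel are assumptions made for illustration, and token transfers are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Added illustration: every name and limit here is hypothetical, not Stakelink's.
contract BoundedQueue {
    uint256 public constant MAX_ACCOUNTS = 10_000;       // assumed cap (recommendation 1)
    uint256 public constant MIN_QUEUE_DEPOSIT = 1 ether; // assumed minimum for an 18-decimal token (recommendation 2)

    address[] private accounts;
    mapping(address => uint256) public accountIndexes;
    mapping(address => uint256) public accountQueuedTokens;
    uint256 public totalQueued;

    error DepositTooSmall();
    error AccountLimitReached();

    constructor() {
        // Assumption: slot 0 is a sentinel, so accountIndexes[x] == 0 means "not registered".
        accounts.push(address(0));
    }

    // Mirrors the queueing branch of _deposit, with both bounds enforced.
    function _queue(address _account, uint256 _toDeposit) internal {
        // A minimum deposit raises the cost of registering many dust accounts.
        if (_toDeposit < MIN_QUEUE_DEPOSIT) revert DepositTooSmall();
        if (accountIndexes[_account] == 0) {
            // accounts.length includes the sentinel, so this allows MAX_ACCOUNTS real entries.
            if (accounts.length > MAX_ACCOUNTS) revert AccountLimitReached();
            accounts.push(_account);
            accountIndexes[_account] = accounts.length - 1;
        }
        accountQueuedTokens[_account] += _toDeposit;
        totalQueued += _toDeposit;
    }

    // Bounded read: callers page through the array instead of looping over all of it.
    function getAccountsPage(uint256 _start, uint256 _count)
        external view returns (address[] memory page)
    {
        uint256 end = _start + _count;
        if (end > accounts.length) end = accounts.length;
        if (_start > end) _start = end; // out-of-range start yields an empty page
        page = new address[](end - _start);
        for (uint256 i = _start; i < end; ++i) page[i - _start] = accounts[i];
    }
}
```

With a hard cap, the worst-case loop length in any function that iterates over the array is known in advance, and the paged getter lets an off-chain Merkle tree builder read the set in fixed-size chunks.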

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
