Submission Details
Severity:
DOS Attack in OperatorVCS.sol
Summary:
An unbounded loop over vaultCount in getPendingFees() function, this loop iterates over all vaults. If the number of vaults
grows too large, this could consume too much gas and cause the transaction to fail.
Unbounded loop over fees: This is the second loop and iterates over all fees. similarly, if they are too many fees
entries, this can lead to excessive gas consumption.
Vulnerability Details:
uint256 vaultCount = vaults.length;
for (uint256 i = 0; i < vaultCount; ++i) {
totalFees += IOperatorVault(address(vaults[i])).getPendingRewards();
}
int256 depositChange = getDepositChange();
if (depositChange > 0) {
for (uint256 i = 0; i < fees.length; ++i) {
totalFees += (uint256(depositChange) * fees[i].basisPoints) / 10000;
}
}
return totalFees;
Impact:
If an attacker can manipulate the system, to have a large number of vaults or fees, or control the behavior of external
contracts, they could cause the function to consume more gas than the block gas limits allow. this could make the function
unusable effectively denying service to legitimate users.
Tools Used
Recommendations:
Consider moving expensive operations off-chain and only store the result on-chain.
-
Implement gas limits or circuit breakers to prevent excessive gas consumption.
-
Implement pagination for vault transactions. Process a fixed number at a time instead of processing all vaults in one transaction..
Prize pool breakdown
Total prize
50,000 USDC
nSLOC
2,53020
USDC / LOC
42,000 USDC
4,250 USDC
3,750 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.