Issue: In the OWPIdentity
contract, the mintBatch
and burnBatchMultiple
functions allow batch operations without any limits on the input arrays. This lack of restriction could lead to DoS attacks by overloading these functions with large input arrays.
Exploit:
mintBatch
and burnBatchMultiple
in OWPIdentity
accept array inputs without size restrictions. An attacker could overload the contract with a large array, causing excessive gas usage and potential DoS.
Location of Code: OWPIdentity.sol
function mintBatch(address to, uint256[] memory ids, uint256[] memory amounts, bytes memory data)
public onlyRole(MINTER_ROLE)
{
_mintBatch(to, ids, amounts, data);
}
function burnBatchMultiple(address[] memory tos, uint256[] memory ids, uint256[] memory amounts)
public onlyRole(MINTER_ROLE)
{
require(tos.length == ids.length, "Invalid input");
require(amounts.length == ids.length, "Invalid input");
for (uint256 i = 0; i < tos.length; i++) {
_burn(tos[i], ids[i], amounts[i]);
}
}
POC:
function mintBatchAbuse(address to) public onlyRole(MINTER_ROLE) {
uint256;
uint256;
mintBatch(to, ids, amounts, "");
}
Exploit Code:
An attacker could pass excessively large arrays to mintBatch
:
uint256;
uint256;
owpIdentity.mintBatch(attacker, ids, amounts, "");
Code Change:
Add array size limits in mintBatch
and burnBatchMultiple
.
uint256 constant MAX_BATCH_SIZE = 100;
function mintBatch(address to, uint256[] memory ids, uint256[] memory amounts, bytes memory data)
public onlyRole(MINTER_ROLE)
{
require(ids.length <= MAX_BATCH_SIZE, "Batch size too large");
_mintBatch(to, ids, amounts, data);
}
function burnBatchMultiple(address[] memory tos, uint256[] memory ids, uint256[] memory amounts)
public onlyRole(MINTER_ROLE)
{
require(tos.length <= MAX_BATCH_SIZE, "Batch size too large");
require(tos.length == ids.length, "Invalid input");
require(amounts.length == ids.length, "Invalid input");
for (uint256 i = 0; i < tos.length; i++) {
_burn(tos[i], ids[i], amounts[i]);
}
}
Impact: Large arrays can cause significant gas costs and potentially halt contract functionality, affecting the performance of the whole contract and making it susceptible to DoS.
Recommendation: Enforce an upper limit on the number of IDs and amounts in mintBatch
and burnBatchMultiple
to prevent abuse and excessive gas consumption.