Christmas Dinner

First Flight #31
Beginner Friendly, Foundry, Solidity
Submission Details
Severity: high
Invalid

DoS Attack via `ChristmasDinner::deposit` (Root Cause: Unrestricted deposit function calls):

Summary

The ChristmasDinner::deposit function can also be targeted for a Denial of Service (DoS) attack. By repeatedly calling the ChristmasDinner::deposit function, a malicious actor could overload the system, increasing the cost of processing legitimate deposits for other users. This could prevent genuine users from interacting with the contract or make it prohibitively expensive.

Vulnerability Details

Proof of Concept:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.27;

import "forge-std/Test.sol";
import { ChristmasDinner } from "./ChristmasDinner.sol";

contract TestDOSDeposit is Test {
    ChristmasDinner dinner;

    function setUp() public {
        // Constructor arguments as given in the submission
        dinner = new ChristmasDinner(address(0), address(0), address(0));
    }

    function testDepositSpam() public {
        // Attack by calling deposit multiple times
        for (uint i = 0; i < 1000; i++) {
            dinner.deposit(address(0), 1); // Repeatedly depositing
        }
    }
}
```

Impact

Legitimate users could face higher gas fees or be unable to deposit tokens due to the malicious actor's repeated calls to the ChristmasDinner::deposit function. This would disrupt the fair operation of the contract and discourage participation in the event.

Tools Used

Aderyn, Slither, manual, Forge

Recommendations

Implement a rate limit for deposit requests or introduce a transaction fee to dissuade spamming.
Consider adding a cool-off period between deposit transactions.
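The cool-off period described in the recommendation above, as an added illustration that is not the ChristmasDinner contract's own code: the `deposit(address _token, uint256 _amount)` signature is assumed from the PoC call, and `DEPOSIT_COOLDOWN` and the `balances` mapping are constructed stand-ins for the contract's real token handling.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.27;

// Added illustration of a per-address cool-off period; not the ChristmasDinner code.
// deposit(address,uint256) is assumed from the PoC call; the token pull is replaced
// by a simple balance mapping so the example stays self-contained.
contract CooldownDeposit {
    uint256 public constant DEPOSIT_COOLDOWN = 1 minutes; // constructed value

    mapping(address => uint256) public lastDepositAt;
    mapping(address => mapping(address => uint256)) public balances;

    error DepositCooldownActive(uint256 secondsLeft);

    // Rejects a second deposit from the same sender within DEPOSIT_COOLDOWN
    // and records the timestamp only after the guarded call succeeds.
    modifier rateLimited() {
        uint256 readyAt = lastDepositAt[msg.sender] + DEPOSIT_COOLDOWN;
        if (block.timestamp < readyAt) {
            revert DepositCooldownActive(readyAt - block.timestamp);
        }
        _;
        lastDepositAt[msg.sender] = block.timestamp;
    }

    function deposit(address _token, uint256 _amount) external rateLimited {
        require(_amount > 0, "zero amount");
        balances[msg.sender][_token] += _amount;
        // The real contract would transfer ERC20 tokens in here; omitted in this illustration.
    }
}
```

Because the limit is keyed on `msg.sender`, it throttles one address only; an actor controlling many addresses is not slowed down, so it should be read as a per-account guard rather than a global one.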

Updates

Lead Judging Commences

0xtimefliez Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
