Unbounded Oracle Hop Length Could Lead to Gas Griefing
Summary
The MultiHopOracle contract allows an unlimited number of oracle hops to be configured, which could lead to excessive gas costs or transaction failures if too many hops are added. This creates a potential denial of service risk where users may be unable to interact with the protocol due to prohibitively high gas costs.
Vulnerability Details
In the MultiHopOracle contract, there is no limit on the number of oracle hops that can be configured as seen here
The issue arises because each oracle hop:
Makes an external call to get price data
Performs mathematical calculations to combine the prices
Consumes additional gas for loop iteration and storage access
Without an upper bound on _oracles.length, an admin could configure a chain of oracles that:
Consumes more gas than the block limit
Makes transactions prohibitively expensive for users
Impact
DOS - Users may be unable to interact with pools that have excessive oracle hops due to transaction failures or prohibitively high gas costs.
Tools Used
Manual Review
Recommendations
Add a maximum limit on the number of oracle hops allowed:
This ensures that:
Gas costs remain predictable and reasonable
Transactions cannot fail due to excessive oracle hops
Admins cannot accidentally or maliciously configure excessive oracle chains
Lead Judging Commences
Informational or Gas / Admin is trusted / Pool creation is trusted / User mistake / Suppositions
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.