DoS Attack on Innocent Users in `UpliftOnlyExample.sol`
Summary
The UpliftOnlyExample.sol contract imposes a limit of 100 deposits per user to prevent out-of-gas errors. However, an attacker can exploit this constraint by transferring a large number of lpNFTs to an innocent user, effectively preventing them from adding new liquidity and making it cost-heacy to remove existing liquidity.
Vulnerability Details
The contract enforces a 100-deposit limit per user using the following check:
An attacker can deposit minimal liquidity repeatedly, minting lpNFTs for each deposit.
The attacker then transfers these lpNFTs to an innocent user, causing the user's deposit count to exceed the limit.
The innocent user is now unable to:
Add more liquidity, as the deposit limit has been reached.
Remove liquidity easily, because of high gas costs.
Impact
Breaks constraint of 100 NFT per user
DoS for innocent user to add liquidity and remove liquidity(Loss of Funds)
Tools Used
Manual Review
Recommendations
Lead Judging Commences
finding_afterUpdate_does_not_check_limit_NFT_per_user
Likelihood: Medium/High, anyone can receive an unlimited NFT number but will cost creation of LP tokens and sending them. Impact: Low/Medium, DoS the afterUpdate and addLiquidityProportional but will be mitigable on-chain because a lot of those NFT can be burn easily in onAfterRemoveLiquidity.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.