HardhatDeFi
15,000 USDC
View results
Submission Details
Severity: medium
Invalid

Unbounded Input Size in Batch Functions Allows Gas Limit DoS and Partial Execution Risks

Bug Description:

The batch functions in the AaveDIVAWrapper contract, such as batchAddLiquidity, batchRemoveLiquidity, and batchClaimYield, accept unbounded array inputs, which are processed in a for loop without any size restrictions. For example, in batchAddLiquidity:

function batchAddLiquidity(AddLiquidityArgs[] calldata _addLiquidityArgs) external override nonReentrant {
uint256 _length = _addLiquidityArgs.length;
for (uint256 i = 0; i < _length; i++) {
_addLiquidity(
_addLiquidityArgs[i].poolId,
_addLiquidityArgs[i].collateralAmount,
_addLiquidityArgs[i].longRecipient,
_addLiquidityArgs[i].shortRecipient
);
}
}

If the _addLiquidityArgs array is excessively large, the loop will consume significant gas, potentially exceeding the block gas limit. This causes the transaction to revert, resulting in a denial of service (DoS) for users or system disruptions. Furthermore, if state-modifying operations occur before the revert, the contract's state may become inconsistent, as some operations execute while others fail, leading to accounting errors or incomplete updates.

Impact:

The primary impact is a gas limit DoS vulnerability, where an attacker can submit a large input array to intentionally trigger transaction failures, blocking user operations or causing partial updates that disrupt the contract's state.

Mitigation:

Introduce a fixed maximum batch size (e.g., MAX_BATCH_SIZE) and validate input arrays using require to reject overly large arrays before execution.

Updates

Lead Judging Commences

bube Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Known issue

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.