The batch functions (batchRegisterCollateralToken, batchCreateContingentPool, batchAddLiquidity, batchRemoveLiquidity, batchRedeemPositionToken, batchRedeemWToken, batchClaimYield, and batchApproveCollateralTokenForAave) do not have safeguards to prevent Denial of Service (DoS) attacks caused by excessive gas consumption. Because no limit is placed on gas usage, a malicious actor, or a user making an honest mistake, can submit a transaction that exceeds the block gas limit, making the entire batch operation fail and denying service to legitimate users.
The batch functions loop through input arrays to perform multiple operations, and their execution cost scales linearly with the size of the input arrays. If a user submits a large enough array or one containing computationally expensive operations, the total gas required may exceed the block gas limit, resulting in:
Transaction Failure: The entire batch transaction fails, even if some of the operations within the batch could have succeeded.
DoS Potential: Malicious actors can exploit this vulnerability by intentionally submitting excessively large or complex input arrays, causing service disruptions and denial of access for other users.
Cost Amplification: Legitimate users could inadvertently craft input arrays that result in high gas consumption, leading to unnecessarily high transaction costs or failed transactions.
The following batch functions are vulnerable:
batchRegisterCollateralToken: Registers multiple collateral tokens.
batchCreateContingentPool: Creates multiple contingent pools.
batchAddLiquidity: Adds liquidity to multiple pools.
batchRemoveLiquidity: Removes liquidity from multiple pools.
batchRedeemPositionToken: Redeems multiple position tokens.
batchRedeemWToken: Redeems multiple wrapped tokens.
batchClaimYield: Claims yield for multiple collateral tokens.
batchApproveCollateralTokenForAave: Approves multiple collateral tokens for Aave.
This is a high-severity issue because:
It can cause service disruptions for all users by making batch operations fail.
Legitimate users attempting to execute valid batch transactions may encounter high gas fees or transaction failures, affecting the contract's usability.
The contract becomes vulnerable to malicious actors intentionally exploiting the batch functions to launch DoS attacks.
Manual Review
VS Code
Implement Input Size Limits:
Restrict the maximum size of input arrays to a reasonable value based on gas usage analysis. For example:
Define MAX_BATCH_SIZE based on testing and benchmarking of typical gas costs.
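A sketch of the recommended limit, added here as an illustration and not taken from the audited contract. The contract name, the value 50, the BatchTooLarge error, the function signature and the _registerCollateralToken helper are all assumptions; only the MAX_BATCH_SIZE name and the batch function name come from the text above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only: not the audited contract's code.
contract BatchLimitExample {
    /// Assumed placeholder value. Derive the real cap from gas benchmarks of
    /// the per-item cost so that a full batch stays well under the block gas limit.
    uint256 public constant MAX_BATCH_SIZE = 50;

    /// Hypothetical custom error reporting the offending and the allowed size.
    error BatchTooLarge(uint256 provided, uint256 maxAllowed);

    /// Hypothetical state standing in for the real registration bookkeeping.
    mapping(address => bool) public registered;

    /// Rejects oversized input before the loop runs, so the caller pays only
    /// for the length check instead of burning gas up to the limit.
    /// The same modifier can guard each of the batch functions listed above.
    modifier withinBatchLimit(uint256 length) {
        if (length > MAX_BATCH_SIZE) {
            revert BatchTooLarge(length, MAX_BATCH_SIZE);
        }
        _;
    }

    /// Simplified stand-in for batchRegisterCollateralToken; the parameter
    /// list is assumed and the real function may differ.
    function batchRegisterCollateralToken(address[] calldata tokens)
        external
        withinBatchLimit(tokens.length)
    {
        uint256 length = tokens.length; // read once; bounded by the modifier
        for (uint256 i = 0; i < length; ++i) {
            _registerCollateralToken(tokens[i]);
        }
    }

    /// Hypothetical per-item operation standing in for the real logic.
    function _registerCollateralToken(address token) internal {
        registered[token] = true;
    }
}
```

Because per-item cost differs between operations, a single constant should be sized for the most expensive batch function, or each function can be given its own cap.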