Aave DIVA Wrapper
DIVA
HardhatDeFi
15,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

[L-03] DoS via batchRedeemWToken Allows Unbounded Batch Processing

jakefromstatefarm

Summary

The batchRedeemWToken function processes an array of redemption requests in a loop without limiting the size of _redeemWTokenArgs. This could allow an attacker to submit an excessively large array, causing the transaction to exceed the block gas limit and fail, potentially preventing legitimate batch redemptions.

function batchRedeemWToken(
RedeemWTokenArgs[] calldata _redeemWTokenArgs
) external override nonReentrant returns (uint256[] memory) {
uint256 _length = _redeemWTokenArgs.length;
uint256[] memory _amountsReturned = new uint256[]();
for (uint256 i = 0; i < _length; i++) {
_amountsReturned[i] = _redeemWToken(
_redeemWTokenArgs[i].wToken,
_redeemWTokenArgs[i].wTokenAmount,
_redeemWTokenArgs[i].recipient
);
}
}

Vulnerability Details

Currently there's no limit on _redeemWTokenArgs.length: The function loops over all provided inputs, which can lead to excessive gas consumption.

  • The function does not lead to loss of funds but could disrupt protocol operations.

  • The issue affects usability rather than core security mechanisms.

The likelihood is High, as:

  • Any user can submit an excessively large batch request.

  • There is no built-in mechanism to prevent high gas consumption.

Recommendations

Implement a reasonable limit on _redeemWTokenArgs.length to prevent excessive gas consumption.

function batchRedeemWToken(
RedeemWTokenArgs[] calldata _redeemWTokenArgs
) external override nonReentrant returns (uint256[] memory) {
uint256 _length = _redeemWTokenArgs.length;
require(_length <= 100, "Batch size exceeds limit"); // Set a max batch size (adjustable)
uint256[] memory _amountsReturned = new uint256[]();
for (uint256 i = 0; i < _length; i++) {
_amountsReturned[i] = _redeemWToken(
_redeemWTokenArgs[i].wToken,
_redeemWTokenArgs[i].wTokenAmount,
_redeemWTokenArgs[i].recipient
);
}
}
Updates

Lead Judging Commences

bube Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Known issue

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.