Denial-of-Service Risks in the Batch Functions
Summary
The batch functions allow users to perform multiple operations in a single transaction. However, they are susceptible to a denial-of-service (DoS) attack where a malicious user can introduce invalid or empty elements into the input array. This can cause a complete transaction failure due to Solidity's atomic execution model, preventing all users from withdrawing liquidity, redeeming tokens, or reclaiming collateral.
Vulnerability Details
The following functions are affected batchRemoveLiquidity, batchRedeemPositionToken andbatchRedeemWToken
Attack Methodology
A malicious user submits an array with at least one invalid element for example an empty poolId, positionToken, or wToken. Due to Solidity's atomic execution, if any single operation within the loop fails, the entire function call reverts.This prevents all legitimate users from executing their transactions within the same batch.
Impact
Legitimate users are unable to remove liquidity, redeem tokens, or withdraw funds if a single entry in the batch function fails
Tools Used
Manual Review
Recommendations
Add require statements to check that arrays are not empty before executing batch functions. Ensure that
_poolId,_positionToken,_wToken, and other inputs are non-zero and valid before processing them.Implement try/catch blocks inside batch loops to allow individual failures without affecting the entire batch.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.