The function batchAddLiquidity accepts an array of AddLiquidityArgs and processes every element without imposing a limit on the array length. A malicious or careless user can therefore submit an excessively large batch. Because the gas cost of the call grows with the number of items, a large enough batch cannot be executed within the block gas limit and reverts, wasting the sender's gas; batches that do fit can still consume a large share of a block's gas and crowd out other users' transactions. This exposes the contract to a Denial of Service (DoS) condition.
The primary impact of this vulnerability is a DoS condition, where an attacker or careless user could:
Excessively consume gas: a batch can require more gas than a block allows, so the transaction either cannot be included or runs out of gas and reverts, and the sender pays for the failed attempt.
Cause network congestion: large batch submissions add to overall network load, driving up gas prices for all users and making transactions more expensive.
Crowd out other transactions: if a batch occupies a significant portion of a block's gas, other users' transactions may be delayed rather than processed in a timely manner.
Manual code review
Limit the batch size: enforce a maximum number of items per call and revert when the array is longer, so that the gas cost of any single batchAddLiquidity call stays bounded and well under the block gas limit.
For example:
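The following contract is an added illustration for this finding, not the audited project's code. Only the batchAddLiquidity entry point and the AddLiquidityArgs name come from the finding; the struct fields, the pool state, the MAX_BATCH_SIZE value and the body of _addLiquidity are assumptions made so the example compiles stand-alone. The unbounded loop described above is shown commented out next to the bounded version.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative pool for the batch-size finding (not the audited project's code).
/// Assumed: struct fields, liquidity bookkeeping, MAX_BATCH_SIZE value.
contract LiquidityPoolExample {
    struct AddLiquidityArgs {
        address token;   // assumed field
        uint256 amount;  // assumed field
    }

    /// Hard cap on items per batch. Size it from the measured gas cost of one
    /// _addLiquidity call so that MAX_BATCH_SIZE * perItemGas stays well under
    /// the target chain's block gas limit. 50 is a placeholder value.
    uint256 public constant MAX_BATCH_SIZE = 50;

    error EmptyBatch();
    error BatchTooLarge(uint256 provided, uint256 max);
    error ZeroAmount();

    mapping(address => mapping(address => uint256)) public liquidity;

    event LiquidityAdded(address indexed provider, address indexed token, uint256 amount);

    // Vulnerable shape described by the finding: no bound on args.length, so a
    // caller can submit a batch whose loop alone exceeds the block gas limit.
    //
    // function batchAddLiquidity(AddLiquidityArgs[] calldata args) external {
    //     for (uint256 i = 0; i < args.length; i++) {
    //         _addLiquidity(args[i]);
    //     }
    // }

    /// Hardened version: validate the batch length before doing any work, so an
    /// oversized batch fails cheaply with a clear error instead of running out of gas.
    function batchAddLiquidity(AddLiquidityArgs[] calldata args) external {
        uint256 len = args.length;
        if (len == 0) revert EmptyBatch();
        if (len > MAX_BATCH_SIZE) revert BatchTooLarge(len, MAX_BATCH_SIZE);

        for (uint256 i = 0; i < len; ++i) {
            _addLiquidity(args[i]);
        }
    }

    /// Simplified per-item accounting (assumed; the real pool's logic is not
    /// part of the finding). Token transfers are omitted for brevity.
    function _addLiquidity(AddLiquidityArgs calldata a) internal {
        if (a.amount == 0) revert ZeroAmount();
        liquidity[msg.sender][a.token] += a.amount;
        emit LiquidityAdded(msg.sender, a.token, a.amount);
    }
}
```

The cap is checked before the loop so that the rejection costs only the calldata and a comparison. Note what the limit does and does not do: it keeps every single call executable within a block and gives callers a deterministic revert, but it does not stop a well-funded caller from sending many capped batches in separate transactions; that is ordinary fee-paying usage rather than a DoS, because each transaction stays within normal gas bounds. A unit test that asserts a revert with BatchTooLarge for MAX_BATCH_SIZE + 1 items and success for MAX_BATCH_SIZE items is the natural regression check.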
With this limit in place, no single call can approach the block gas limit, callers receive a clear revert instead of an out-of-gas failure, and the contract is more robust against the large-batch submissions described above.