The checkUpkeep function lacks access control and comprehensive validation of checkData, allowing unauthorized manipulation of the liquidation process.
The checkUpkeep function in the contract is designed to determine whether upkeep is needed for liquidatable accounts. It relies on externally provided checkData to set bounds for checking these accounts. However, the function does not restrict who can call it, nor does it validate the integrity of checkData beyond basic bounds checking.
This oversight allows any external actor to supply arbitrary bounds, potentially manipulating the range of accounts checked. An attacker could craft checkData to exclude certain liquidatable accounts from being processed or to include redundant or excessive accounts, leading to missed liquidations or unnecessary executions. This manipulation can disrupt the liquidation process, resulting in financial losses or destabilizing the system.
This vulnerability is significant because it can lead to financial losses and system instability. By allowing arbitrary manipulation of the liquidation process, the contract risks missing critical liquidations or executing unnecessary ones, which can disrupt market operations and affect the protocol's financial integrity.
The function is exposed to external calls, and without access control, any entity can attempt to manipulate the checkData. The risk is particularly high in environments where the function is accessible to untrusted entities.
Manual Review
An attacker can craft checkData to manipulate the range of accounts checked: they set the bounds to exclude certain accounts or include redundant ones.
Impact on Liquidation Process:
Exclusion of Accounts: By setting bounds that exclude certain accounts, the attacker can prevent specific accounts from being liquidated, potentially protecting their own accounts or those of allies.
Inclusion of Redundant Accounts: By including redundant accounts, the attacker can cause unnecessary processing, wasting gas and resources, and potentially delaying the liquidation of other accounts.
Missed liquidations can lead to financial losses for the protocol, as accounts that should be liquidated remain active. They also lead to system instability: unnecessary executions can increase gas costs and affect overall performance.
Restrict who can call the checkUpkeep function and add validation checks to ensure the integrity of the checkData.
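A sketch of what that recommendation could look like, added here as an illustration and not taken from the audited contract. The contract name, the `forwarder` caller, the `MAX_BATCH` cap, the `liquidatable` array and the two-`uint256` layout of checkData are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; every name here is hypothetical, not the audited contract's.
contract LiquidationUpkeepExample {
    error UnauthorizedCaller(address caller);
    error InvalidBounds(uint256 lower, uint256 upper);

    uint256 public constant MAX_BATCH = 50; // assumed cap on accounts per check
    address public immutable forwarder;     // assumed: the only allowed caller
    address[] internal liquidatable;        // assumed: candidate account list

    constructor(address forwarder_, address[] memory accounts) {
        forwarder = forwarder_;
        liquidatable = accounts;
    }

    function checkUpkeep(bytes calldata checkData)
        external
        view
        returns (bool upkeepNeeded, bytes memory performData)
    {
        // Access control: reject callers other than the configured address.
        if (msg.sender != forwarder) revert UnauthorizedCaller(msg.sender);

        // Reject payloads that are not exactly two ABI-encoded uint256 words.
        if (checkData.length != 64) revert InvalidBounds(0, 0);
        (uint256 lower, uint256 upper) = abi.decode(checkData, (uint256, uint256));

        // Bounds must be ordered, non-empty, and limited in width.
        if (lower >= upper || upper - lower > MAX_BATCH) revert InvalidBounds(lower, upper);

        // Clamp to the real list so an oversized upper bound cannot read past it.
        uint256 end = upper > liquidatable.length ? liquidatable.length : upper;
        if (lower >= end) return (false, "");

        // Copy the validated slice into the payload handed to the executor.
        address[] memory batch = new address[](end - lower);
        for (uint256 i = lower; i < end; ++i) {
            batch[i - lower] = liquidatable[i];
        }
        return (true, abi.encode(batch));
    }
}
```

The bounds checks only reject malformed or oversized ranges; a well-formed range that omits an account still passes them, so the caller restriction is what addresses the exclusion case described above.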