Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: medium
Invalid

Missing validation for withdrawal delay in Vault.sol

Summary

A vulnerability exists in the update function of Vault.sol due to the lack of validation on the withdrawalDelay parameter. This oversight allows a malicious vault owner to set an arbitrarily high withdrawal delay, effectively locking user funds indefinitely.

Finding Description

The update function updates vault parameters, including withdrawalDelay, based on the UpdateParams struct. However, there are no constraints ensuring that withdrawalDelay remains within a reasonable range. This means that a vault owner can set it to an extremely high value, preventing users from withdrawing their assets.

    function update(UpdateParams memory params) internal {
        Data storage self = load(params.vaultId);
        if (self.id == 0) {
            revert Errors.ZeroInput("vaultId");
        }
        self.depositCap = params.depositCap;
        self.withdrawalDelay = params.withdrawalDelay; // No validation here
        self.isLive = params.isLive;
        self.lockedCreditRatio = params.lockedCreditRatio;
    }

Impact

Without a restriction on withdrawalDelay, a malicious vault owner could prevent users from withdrawing funds by setting an extremely high delay (e.g., uint256(-1)). As a result:

  • Users may lose access to their assets indefinitely.

  • A vault intended to facilitate withdrawals could become non-functional.

  • Users may lose confidence in the protocol due to an inability to retrieve their funds.

Likelihood

  • The likelihood of exploitation is moderate because the function allows an arbitrary value for withdrawalDelay without validation.

  • Malicious vault owners or administrators could abuse this to prevent withdrawals.

  • Users typically trust that they can withdraw their assets within a reasonable timeframe, making this an attractive vector for exploitation.

Recommendation

To mitigate this risk, enforce a reasonable upper limit on withdrawalDelay to ensure withdrawals remain accessible.

    uint256 public constant MAX_WITHDRAWAL_DELAY = 7 days; // Define an appropriate maximum limit

    function update(UpdateParams memory params) internal {
        Data storage self = load(params.vaultId);
        if (self.id == 0) {
            revert Errors.ZeroInput("vaultId");
        }
        // Add validation for withdrawalDelay
        if (params.withdrawalDelay > MAX_WITHDRAWAL_DELAY) {
            revert Errors.InvalidParameter("withdrawalDelay exceeds limit");
        }
        self.depositCap = params.depositCap;
        self.withdrawalDelay = params.withdrawalDelay;
        self.isLive = params.isLive;
        self.lockedCreditRatio = params.lockedCreditRatio;
    }
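
A Foundry regression test for the recommended cap, as an added example that is not part of the submission or of the Zaros code base. It goes one step beyond the snippet above by also checking the property the cap is meant to give users, a bounded wait. CappedDelayVault, WithdrawalDelayTooHigh, initiateWithdrawal and canRedeem are hypothetical stand-ins; only the 7-day MAX_WITHDRAWAL_DELAY comes from the recommendation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-alone model of a vault with a capped delay; not Zaros code.
contract CappedDelayVault {
    uint256 public constant MAX_WITHDRAWAL_DELAY = 7 days; // value from the recommendation
    error WithdrawalDelayTooHigh(uint256 requested, uint256 max);
    uint256 public withdrawalDelay;
    mapping(address => uint256) public requestedAt; // 0 = no pending request

    function update(uint256 newDelay) external {
        if (newDelay > MAX_WITHDRAWAL_DELAY) revert WithdrawalDelayTooHigh(newDelay, MAX_WITHDRAWAL_DELAY);
        withdrawalDelay = newDelay;
    }

    function initiateWithdrawal() external { requestedAt[msg.sender] = block.timestamp; }

    // The delay is read at redeem time, so the cap is what bounds the wait.
    function canRedeem(address user) external view returns (bool) {
        uint256 t = requestedAt[user];
        return t != 0 && block.timestamp >= t + withdrawalDelay;
    }
}

contract CappedDelayVaultTest is Test {
    CappedDelayVault vault = new CappedDelayVault();

    // Any delay above the cap reverts; any delay at or below it is stored.
    function testFuzz_updateEnforcesCap(uint256 delay) public {
        uint256 cap = vault.MAX_WITHDRAWAL_DELAY();
        if (delay > cap) {
            vm.expectRevert(abi.encodeWithSelector(
                CappedDelayVault.WithdrawalDelayTooHigh.selector, delay, cap));
            vault.update(delay);
        } else {
            vault.update(delay);
            assertEq(vault.withdrawalDelay(), delay);
        }
    }

    // Whatever update is attempted after a request, waiting the cap always unlocks it.
    function testFuzz_lockIsBounded(uint256 delay) public {
        vault.initiateWithdrawal();
        try vault.update(delay) {} catch {} // over-cap values revert and leave the delay unchanged
        vm.warp(block.timestamp + vault.MAX_WITHDRAWAL_DELAY());
        assertTrue(vault.canRedeem(address(this)));
    }
}
```

Run with forge test; the fuzzer draws values from the full uint256 range, including the maximum.
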
Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
