Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: low
Invalid

Zero-Value Withdrawal Requests Can Cause Unnecessary State Changes and Gas Wastage in requestWithdrawal function

Summary

The requestWithdrawal function does not validate whether _shares is greater than zero before executing state changes. This allows users to submit zero-value withdrawal requests, leading to unnecessary gas consumption and potential storage bloat.

Vulnerability Details

A malicious actor (or bot) could spam transactions with requestWithdrawal(0) to artificially increase gas fees for legitimate users.

Users could create a large number of unnecessary withdrawal requests, expanding the withdrawalRequestsPerEpoch storage.

Impact

Low impact.

No direct financial loss, but inefficiencies in gas and storage.

Tools Used

Manual Review

Recommendations

    function requestWithdrawal(uint256 _shares) external whenNotPaused {
        // Reject zero-share requests before any state is touched.
        require(_shares > 0, "Shares must be greater than 0");
        uint256 epoch = withdrawalEpoch;
        WithdrawalRequest storage request = withdrawalRequestsPerEpoch[epoch][msg.sender];
        _checkUserCanReceiveRon(msg.sender);
        // Record the request and lock the shares for the current epoch.
        request.shares += _shares;
        lockedSharesPerEpoch[epoch] += _shares;
        _transfer(msg.sender, address(this), _shares);
        emit WithdrawalRequested(msg.sender, epoch, _shares);
    }
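A Foundry regression test for the recommended guard, added here as an example; it is not part of the submission or of the project's code. `VaultStub` is a hypothetical stand-in that models only the state named in the snippet above (the struct layout and event signature are assumptions), and it omits `whenNotPaused`, `_checkUserCanReceiveRon` and the share transfer because their code is not on the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical stub: struct layout and event signature are assumed.
contract VaultStub {
    struct WithdrawalRequest { uint256 shares; }

    uint256 public withdrawalEpoch;
    mapping(uint256 => mapping(address => WithdrawalRequest)) public withdrawalRequestsPerEpoch;
    mapping(uint256 => uint256) public lockedSharesPerEpoch;

    event WithdrawalRequested(address indexed user, uint256 indexed epoch, uint256 shares);

    function requestWithdrawal(uint256 _shares) external {
        require(_shares > 0, "Shares must be greater than 0");
        uint256 epoch = withdrawalEpoch;
        withdrawalRequestsPerEpoch[epoch][msg.sender].shares += _shares;
        lockedSharesPerEpoch[epoch] += _shares;
        emit WithdrawalRequested(msg.sender, epoch, _shares);
    }
}

contract RequestWithdrawalZeroTest is Test {
    VaultStub vault;
    address user = address(0xA11CE); // constructed test address

    function setUp() public {
        vault = new VaultStub();
    }

    // A zero-share request must revert and leave the epoch's locked total untouched.
    function test_zeroSharesReverts() public {
        vm.expectRevert(bytes("Shares must be greater than 0"));
        vm.prank(user);
        vault.requestWithdrawal(0);
        assertEq(vault.lockedSharesPerEpoch(0), 0);
    }

    // The guard must not change behaviour for a normal request.
    function test_nonZeroSharesStillRecorded() public {
        vm.prank(user);
        vault.requestWithdrawal(5);
        assertEq(vault.withdrawalRequestsPerEpoch(0, user), 5);
        assertEq(vault.lockedSharesPerEpoch(0), 5);
    }
}
```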
Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
