Keeper Actions can be DOS by directly sending PerpetualVault 1 USD
Summary
When the keeper calls PerpetualVault::runNextAction they check if the index token balance is greater than 1 USD and if it is they will perform a DEX swap.
If the metadata was not passed for a DEX swap then the call will revert.
Therefore, an attacker can send 1 USD of the Index token to the contract and the keeper's transaction will revert since it did not expect to perform a DEX swap and did not pass the correct metadata if any.
Vulnerability Details
Here is a list of the vulnerable code:
https://github.com/CodeHawks-Contests/2025-02-gamma/blob/84b9da452fc84762378481fa39b4087b10bab5e0/contracts/PerpetualVault.sol#L363
https://github.com/CodeHawks-Contests/2025-02-gamma/blob/84b9da452fc84762378481fa39b4087b10bab5e0/contracts/PerpetualVault.sol#L375
https://github.com/CodeHawks-Contests/2025-02-gamma/blob/84b9da452fc84762378481fa39b4087b10bab5e0/contracts/PerpetualVault.sol#L392
Impact
Keeper actions when calling PerpetualVault::runNextAction can be DOSed
Tools Used
Manual review and Foundry
Recommendations
Increase the min size to maybe $10 USD to discourage and attacker
Lead Judging Commences
Informational or Gas
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.