Protocol Fund Loss Due to Insufficient Execution Fee
Summary
A critical vulnerability exists in the deposit mechanism where the protocol automatically covers the shortfall when a user's paid execution fee (executionFee) is less than the actual Gas cost (usedFee). This leads to irreversible protocol fund losses, compromising the economic sustainability of the system.
Vulnerability Details
Affected Code
The vulnerability resides in the fee reconciliation logic of the _mint function:
Vulnerability Details
-
Asymmetric Fee Handling:
The protocol refunds users when
executionFee > usedFee(surplus).No safeguards exist when
executionFee < usedFee(deficit). The protocol unconditionally covers the gap using its ETH reserves.
-
Volatile Gas Price Risk:
Ethereum Gas prices can spike unpredictably (e.g., during network congestion).
Users may underpay fees if they submit transactions during low-Gas periods that execute during price surges.
Impact
Direct Protocol Losses: Every instance of
executionFee < usedFeeresults in protocol funds being drained to cover the difference.Cumulative Impact: Repeated occurrences could deplete the protocol's ETH balance, leading to insolvency.
Tools Used
Manual Code Review
Lead Judging Commences
Suppositions
There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.