Handling tokens with blacklisting functionality
Summary
The Perpetual Vault Protocol does not explicitly handle tokens with blacklisting capabilities, such as USDC, which could lead to potential DoS attacks.
Vulnerability Details
The PerpetualVault contract does not have mechanisms to check or handle tokens that might be blacklisted. If a token like USDC is used and gets blacklisted, it could lead to unexpected behavior or prevent users from interacting with the contract.
Impact
If a token used in the vault gets blacklisted, it could cause the contract to fail or prevent users from depositing or withdrawing funds, leading to a potential DoS.
Tools Used
Manual code review
Recommendations
Implement checks to ensure that the collateral token is not blacklisted before allowing deposits or withdrawals. This could involve integrating with the token's blacklisting API or using a trusted oracle service.
Lead Judging Commences
Suppositions
There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.
Suppositions
There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.