Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Valid

Treasury contract may be dos via malicious tokens

x1485967

Summary

Treasury contract may be dos via malicious tokens.

Vulnerability Details

Treasury contract aims to process the fund management. In Treasury contract, we use _totalValue variable to record the total balance for all kinds of tokens.

The problem is that malicious users can deposit one malicious token to increase the _totalValue to maximum(uint256.max) value. Because this token is malicious, we can disallow the manager role to withdraw from the Treasury contract.

Then any normal users or the owner can not deposit any value tokens into the treasury. The treasury contract cannot be used any more.

function deposit(address token, uint256 amount) external override nonReentrant {
if (token == address(0)) revert InvalidAddress();
if (amount == 0) revert InvalidAmount();
IERC20(token).transferFrom(msg.sender, address(this), amount);
_balances[token] += amount;
_totalValue += amount;
emit Deposited(token, amount);
}

Impact

The treasury contract will be dos, and cannot be used any more.

Tools Used

Manual

Recommendations

Add one whitelist for the deposit tokens.

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Treasury::deposit increments _totalValue regardless of the token, be it malicious, different decimals, FoT etc.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.