Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Denial of Service (DoS) via Custom ERC-20 Token in Deposit Function

Summary

The deposit function in the Treasury contract allows any user to deposit tokens without validating the token's behavior. This can lead to a Denial of Service (DoS) attack by using a malicious custom ERC-20 token that can manipulate the _totalValue state variable.

Vulnerability Details

In the deposit function, the contract does not validate the token being deposited. This allows an attacker to create a custom ERC-20 token with specific behaviors that can exploit the treasury's logic.

Step-by-Step Attack Path:

  1. Create a Malicious ERC-20 Token: The attacker creates a custom ERC-20 token and mints the uint256 max value to their own address.

  2. Implement Custom Logic: The attacker includes a transferCounter variable in their token contract, initialized to 0. The _update function is overridden with an if-check such that if transferCounter exceeds 2, the function reverts. The _update function also increments transferCounter by 1 each time it is called.

  3. Mint Tokens: The attacker mints tokens to themselves, which sets transferCounter to 1.

  4. Deposit Tokens into Treasury: The attacker calls the deposit function in the Treasury contract, transferring their custom tokens with a really big number (close to the uint256 max value). This call triggers the _update function, incrementing transferCounter to 2.

  5. Attempt to Withdraw: The admin attempts to withdraw the tokens from the treasury. However, since the custom token's logic prevents further transfers (as transferCounter cannot exceed 2), the withdrawal fails.

  6. Denial of Service: The tokens are now effectively "stuck" in the treasury, and the _totalValue reflects this amount, leading to a situation where the treasury cannot function properly. This results in a Denial of Service for the treasury, as it cannot withdraw or manage its total value.

Impact

This vulnerability can lead to a complete Denial of Service for the treasury, as it can become unable to withdraw or manage funds effectively. The treasury's _totalValue will inaccurately reflect the value of tokens that cannot be utilized.

Tools Used

  • Manual code review

Recommendations

Implement a Whitelist of ERC-20 Tokens: Establish a whitelist of approved ERC-20 tokens that can be deposited into the treasury. This whitelist should be managed by an admin, ensuring that only trusted tokens are accepted, thereby mitigating the risk of Denial of Service attacks from malicious tokens.

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Treasury::deposit increments _totalValue regardless of the token, be it malicious, different decimals, FoT etc.
