Core Contracts

Summary

The Treasury.sol contract allows any actor to deposit arbitrary ERC-20 tokens. This introduces a critical issue because these tokens directly affect _totalValue, which is tracked and updated when deposits and withdrawals occur. A malicious entity could exploit this mechanism to front-run deposits and push _totalValue to type(uint256).max, making all future deposits revert and effectively causing a denial of service (DoS) attack on the treasury.

Vulnerability Details

Denial of Service via Malicious ERC-20 Token

Root Cause:

1. The deposit() function increases _totalValue by the deposited amount:

   _totalValue += amount;

2. A malicious ERC-20 token can be designed to return true for all transferFrom() calls without actually transferring tokens.

3. The attacker front-runs legitimate deposits by calling deposit() with:

   type(uint256).max - _totalValue;

   This forces _totalValue to reach its maximum possible value.

4. Once _totalValue == type(uint256).max, all future deposits will revert due to Solidity's built-in overflow protection.

Exploit Scenario:

• A threat actor deploys a malicious ERC-20 token that does not enforce actual transfers but always returns true on transferFrom().

• They repeatedly front-run deposit transactions, maxing out _totalValue.

• Any legitimate deposit attempt fails because adding any amount would exceed type(uint256).max, triggering a revert.

• The treasury contract becomes permanently unusable as no further deposits can be made.

Impact

• Denial of Service (DoS): The treasury contract is rendered inoperable as deposits become impossible.

• Protocol Disruption: Users and protocol functions relying on treasury deposits will fail.

Tools Used

• Manual Code Review

Recommendations

1. Use Checked Arithmetic:

   • Ensure _totalValue + amount does not exceed type(uint256).max before updating _totalValue.

   • Example fix:

     require(_totalValue + amount > _totalValue, "Overflow detected");

     _totalValue += amount;

2. Restrict Token Deposits:

   • Implement a whitelist for allowed ERC-20 tokens to prevent deposits from non-standard or malicious tokens.

   • Ensure deposited tokens conform to expected behavior by validating their balance and transfer logic.

3. Cap Maximum Deposit Amounts:

   • Introduce a reasonable upper limit for deposits to prevent excessive values from being processed.

   • Example:

     require(amount < MAX_DEPOSIT_LIMIT, "Deposit amount too large");

By implementing these mitigations, the Treasury contract can safeguard against front-running DoS attacks and ensure the integrity of fund management operations.