Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Valid

Attacker can cause treasury DoS

dentonylifer

Summary

Attacker can cause treasury DoS, because any token can be used in deposit() function.

Vulnerability Details

Link

Variable _totalValue will be increased by any amount of any deposited token. Attacker can create malicious custom token and deposit type(uint256).max - 1 amount of the token (in one transaction or multiple), causing _totalValue to become big enough to overflow in all future deposits.

function deposit(address token, uint256 amount) external override nonReentrant {
if (token == address(0)) revert InvalidAddress();
if (amount == 0) revert InvalidAmount();
IERC20(token).transferFrom(msg.sender, address(this), amount);
_balances[token] += amount;
_totalValue += amount;
emit Deposited(token, amount);
}

Impact

Treasury can be DoSed forever, because any future deposts will revert due to overflow in _totalValue.

Tools Used

Manual reveaw.

Recommendations

Allow only whitelisted tokens with limited totalSuply() to be deposited, or even remove _totalValue variable.

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Treasury::deposit increments _totalValue regardless of the token, be it malicious, different decimals, FoT etc.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.