Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Treasury deposits can be permanently DOSed

Summary

Treasury deposits can be permanently DOSed because of an overflow bug: a malicious actor can prevent other users from depositing.

Vulnerability Details

```solidity
function deposit(address token, uint256 amount) external override nonReentrant {
    if (token == address(0)) revert InvalidAddress();
    if (amount == 0) revert InvalidAmount();
    IERC20(token).transferFrom(msg.sender, address(this), amount);
    _balances[token] += amount;
@>  _totalValue += amount;
    emit Deposited(token, amount);
}
```

We can see that _totalValue is incremented on every deposit, irrespective of the token. This means that a malicious user can create a malicious token contract and deposit the maximum possible value for uint256.

After this, _totalValue will be near the uint256 maximum, and any further legitimate deposit will overflow and revert.

Impact

This affects every function that relies on Treasury deposits, because depositing is permanently DOSed by the bug.

Tools Used

Manual analysis

Recommendations

Rework totalValue to support value-based addition, for example by using oracle prices or a DEX such as Uniswap.
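A simpler alternative to pricing every deposit is to drop the shared counter altogether, shown here as an added example that is not the audited project's code or its fix. It assumes Solidity 0.8.x; the allowlist, the admin role, the guard flag, the contract name and getBalance are hypothetical, while deposit, _balances, Deposited, InvalidAddress and InvalidAmount follow the snippet above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the audited project's code. The allowlist, admin and
// guard names are hypothetical; allowlisted tokens are assumed to return bool.
interface IERC20Minimal {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract TreasuryPerTokenSketch {
    error InvalidAddress();
    error InvalidAmount();
    error NotAdmin();
    error TokenNotAllowed();
    error TransferFailed();
    error Reentrancy();
    event Deposited(address indexed token, uint256 amount);
    address public immutable admin;                // assumption: one admin vets tokens
    mapping(address => bool) public allowedTokens; // deposits accepted only for these
    mapping(address => uint256) private _balances; // per-token units, never summed
    bool private _locked;                          // stand-in for nonReentrant
    constructor() { admin = msg.sender; }

    function setAllowed(address token, bool allowed) external {
        if (msg.sender != admin) revert NotAdmin();
        allowedTokens[token] = allowed;
    }

    function deposit(address token, uint256 amount) external {
        if (_locked) revert Reentrancy();
        if (token == address(0)) revert InvalidAddress();
        if (amount == 0) revert InvalidAmount();
        if (!allowedTokens[token]) revert TokenNotAllowed();
        _locked = true;
        IERC20Minimal t = IERC20Minimal(token);
        uint256 balanceBefore = t.balanceOf(address(this));
        if (!t.transferFrom(msg.sender, address(this), amount)) revert TransferFailed();
        // Credit what arrived, so fee-on-transfer tokens are not over-counted.
        uint256 received = t.balanceOf(address(this)) - balanceBefore;
        if (received == 0) revert InvalidAmount();
        // No shared counter: an overflow here is confined to this token.
        _balances[token] += received;
        _locked = false;
        emit Deposited(token, received);
    }

    function getBalance(address token) external view returns (uint256) { return _balances[token]; }
}
```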

Updates

Lead Judging Commences

inallhonesty Lead Judge about 2 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Treasury::deposit increments _totalValue regardless of the token, be it malicious, different decimals, FoT etc.
