The _nextOrderId is a uint256 and can be controlled by the seller when they create a new sell order, but the source code does not check the value of _nextOrderId. When the value reaches 2^256 - 1, the next increment of _nextOrderId will overflow. Solidity ^0.8.0 prevents the overflow from happening and stops the code from running by throwing an exception, so the createSellOrder function will never run successfully again.
The other bug is that nextOrderId++ runs before the transfer, so an attacker can maliciously accumulate _nextOrderId values through unsuccessful transactions to make the DDOS attack more rapid.
Impact:
DDOS attack
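The checked-arithmetic behaviour described above can be reproduced with a minimal model. This is an added example, not the audited contract's code: the contracts OrderCounterModel and OrderCounterCheck, the helper setNextOrderIdForTest and the event are hypothetical, and the pragma is ^0.8.1 because `catch Panic` needs that compiler version.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1; // catch Panic(uint256) requires 0.8.1 or later

// Hypothetical minimal model of an order counter; NOT the audited contract.
contract OrderCounterModel {
    uint256 private _nextOrderId;

    event SellOrderCreated(uint256 indexed orderId, address indexed seller);

    // Test-only helper (assumption): places the counter at an arbitrary value
    // so the boundary can be reached without 2^256 - 1 real orders.
    function setNextOrderIdForTest(uint256 value) external {
        _nextOrderId = value;
    }

    function nextOrderId() external view returns (uint256) {
        return _nextOrderId;
    }

    function createSellOrder() external returns (uint256 orderId) {
        orderId = _nextOrderId;
        // Checked arithmetic: at type(uint256).max this reverts with
        // Panic(0x11) instead of wrapping around to 0.
        _nextOrderId++;
        emit SellOrderCreated(orderId, msg.sender);
    }
}

// Drives the model to the boundary and records what happens there.
contract OrderCounterCheck {
    function run() external returns (bool revertedAtMax, uint256 counterAfter) {
        OrderCounterModel m = new OrderCounterModel();
        m.createSellOrder(); // succeeds and returns id 0

        m.setNextOrderIdForTest(type(uint256).max);
        try m.createSellOrder() returns (uint256) {
            revertedAtMax = false; // would mean the increment wrapped
        } catch Panic(uint256 code) {
            revertedAtMax = (code == 0x11); // 0x11 = arithmetic overflow
        }

        // Still type(uint256).max, so every later createSellOrder call
        // reverts in the same way.
        counterAfter = m.nextOrderId();
    }
}
```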