This repository has been archived by the owner on May 26, 2023. It is now read-only.
0x52 - Adversary can brick refunds by making a large number of small deposits #254
Comments
github-actions
bot
added
Duplicate
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
0x52
high
Adversary can brick refunds by making a large number of small deposits
Summary
Refunds call bounty.getLockedFunds which loops through every deposit that has taken place. Since the number of deposits are not limited, an adversary can make a large number of very small deposits. When looping through all the deposits it will cause an out-of-gas error making refunds impossible.
Vulnerability Detail
https://github.com/sherlock-audit/2023-02-openq/blob/main/contracts/DepositManager/Implementations/DepositManagerV1.sol#L171-L181
To determine the amount of available funds DepositManagerV1#refundDeposit makes a subcall to bountyCore#getLockedFunds.
https://github.com/sherlock-audit/2023-02-openq/blob/main/contracts/Bounty/Implementations/BountyCore.sol#L333-L352
getLockedFunds pulls EVERY deposit and loops through each one. Since the number of deposits are not limited, an adversary can make a large number of very small deposits. When looping through all the deposits it will cause an out-of-gas error making refunds impossible.
Submitting as high risk because when combined with payout breaking methods it will result in all deposited tokens being stuck forever.
Impact
Adversary can permanently break refunds
Code Snippet
https://github.com/sherlock-audit/2023-02-openq/blob/main/contracts/Bounty/Implementations/BountyCore.sol#L333-L352
Tool used
Manual Review
Recommendation
There's no easy solution to fix this without either removing the permissionless nature of funding the bounties or completely redesigning the funding mechanism.
Duplicate of #77
The text was updated successfully, but these errors were encountered: