This repository has been archived by the owner on May 26, 2023. It is now read-only.
hake - Funds can be frozen due to refunding functionality DOS #52
Comments
github-actions
bot
added
Duplicate
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
hake
high
Funds can be frozen due to refunding functionality DOS
Summary
There is no limit to the amount of deposits that can be made to a bounty. This could lead to a DOS when trying to get a refund, essentially freezing the funds forever.
Vulnerability Detail
Attacker could submit many 1 wei deposits with the same token to DOS the refund functionality.
This would create many
depositIds.When a
fundercallsrefundDeposit()the function will revert becausebounty.getLockedFunds()will have to iterate through alldepositIdand end up running out of gas.Impact
No
funderwould be able to claim a refund and the funds would be forever frozen.Code Snippet
https://github.com/sherlock-audit/2023-02-openq/blob/main/contracts/Bounty/Implementations/BountyCore.sol#L54
https://github.com/sherlock-audit/2023-02-openq/blob/main/contracts/DepositManager/Implementations/DepositManagerV1.sol#L151-L172
https://github.com/sherlock-audit/2023-02-openq/blob/main/contracts/Bounty/Implementations/BountyCore.sol#L333-L349
Tool used
Manual Review
Recommendation
Have a universal minimum bounty funding amount so creating many
depositIdbecomes expensive.AND/OR
Have a limit to the number of
depositIdper bounty.Duplicate of #77
The text was updated successfully, but these errors were encountered: