Back to Rohan16's contests

Canto Dex Oracle contest - Rohan16's results

Execution layer for original work.

General Information

Platform: Code4rena

Start Date: 07/09/2022

Pot Size: $20,000 CANTO

Total HM: 7

Participants: 65

Period: 1 day

Judge: 0xean

Total Solo HM: 3

Id: 159

League: ETH

Canto

Findings Distribution

Researcher Performance

Rank: 26/65

Findings: 1

Award: $107.40

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryCanto

Findings Information

🌟 Selected for report: 0xhunter

Also found by: BipinSah, Rohan16, Sm4rty, Tomo, fatherOfBlocks, m_Rassska, oyc_109, prasantgupta52, rokinot

Labels

bug
duplicate
2 (Med Risk)

Awards

664.9949 CANTO - $107.40

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2022-09-canto/tree/main/src/Swap/BaseV1-core.sol#L96 https://github.com/code-423n4/2022-09-canto/tree/main/src/Swap/BaseV1-core.sol#L149 https://github.com/code-423n4/2022-09-canto/tree/main/src/Swap/BaseV1-core.sol#L242 https://github.com/code-423n4/2022-09-canto/tree/main/src/Swap/BaseV1-core.sol#L248 https://github.com/code-423n4/2022-09-canto/tree/main/src/Swap/BaseV1-core.sol#L249 https://github.com/code-423n4/2022-09-canto/tree/main/src/Swap/BaseV1-core.sol#L608 https://github.com/code-423n4/2022-09-canto/tree/main/src/Swap/BaseV1-core.sol#L564 https://github.com/code-423n4/2022-09-canto/tree/main/src/Swap/BaseV1-core.sol#L565 https://github.com/code-423n4/2022-09-canto/tree/main/src/Swap/BaseV1-core.sol#L566

Vulnerability details

Denial Of Service Attack

Denial-of-service attacks: Attacks that cause DoS are called DoS attacks. The purpose is to disable the computer or network from providing normal service.

Description:

As this array can grow quite large, the transaction’s gas cost could exceed the block gas limit and make it impossible to call this function at all

//Actual Codes used:
src/Swap/BaseV1-core.sol:96:        observations.push(Observation(block.timestamp, 0, 0,0));
src/Swap/BaseV1-core.sol:149:            observations.push(Observation(blockTimestamp, reserve0CumulativeLast, reserve1CumulativeLast, totalSupplyCumulativeLast));

Instances where loop is run on operations array which will lead to unbounded loop

//Actual codes used
src/Swap/BaseV1-core.sol:242:        uint lastIndex = observations.length-1;
..
src/Swap/BaseV1-core.sol:248:         for(; i < lastIndex; i+=window)
src/Swap/BaseV1-core.sol:249:             nextIndex = i + window;

//Actual Codes used:
src/Swap/BaseV1-core.sol:608:        allPairs.push(pair);

Instances where loop is run on operations array which will lead to unbounded loop

//Actual codes used
src/Swap/BaseV1-core.sol:608:        allPairs.push(pair)
src/Swap/BaseV1-core.sol:564:         for (uint i; i < allPairs.length; ) {
src/Swap/BaseV1-core.sol:565:             BaseV1Pair(allPairs[i]).setPeriodSize(newPeriod);
src/Swap/BaseV1-core.sol:566:             unchecked {++i;}

Recommendations

Consider introducing a reasonable upper limit based on block gas limits and/or adding a remove method to remove elements in the array.

Details can be looked over here

https://medium.com/@Knownsec_Blockchain_Lab/in-depth-understanding-of-denial-of-service-vulnerabilities-dd437b1d7a1c

#0 - nivasan1

2022-09-09T17:45:01Z

duplicate #8

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter