Platform: Code4rena
Start Date: 17/02/2022
Pot Size: $75,000 USDC
Total HM: 20
Participants: 39
Period: 7 days
Judges: moose-code, JasoonS
Total Solo HM: 13
Id: 89
League: ETH
Rank: 6/39
Findings: 5
Award: $5,902.17
π Selected for report: 2
π Solo Findings: 0
π Selected for report: danb
Also found by: Meta0xNull, Ruhum, cmichel, csanuragjain, hyh, kirk-baird, leastwood, minhquanym, robee, throttle
242.812 USDC - $242.81
https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/VUSD.sol#L53
processWithdrawals can process limited amount in each call. an attacker can push to withdrawals enormous amount of withdrawals with amount = 0. in order to stop the dos attack and process the withdrawal, the governance needs to spend as much gas as the attacker. if the governance doesn't have enough money to pay for the gas, the withdrawals can't be processed.
Alice wants to attack vusd, she spend 1millions dollars for gas to push as many withdrawals of amount = 0 as she can. if the governance wants to process the deposits after alices empty deposits, they also need to spend at least 1 million dollars for gas in order to process alice's withdrawals first. but the governance doesn't have 1 million dollar so the funds will be locked.
set a minimum amount of withdrawal. e.g. 1 dollar
function withdraw(uint amount) external { require(amount >= 10 ** 6); burn(amount); withdrawals.push(Withdrawal(msg.sender, amount)); }
#0 - atvanguard
2022-02-24T04:06:26Z
Confirming this is an issue. Would classify it as 2 (Med Risk) because this attack is expensive to carry out.
#1 - moose-code
2022-03-06T14:21:34Z
Would be interested to see the exact gas cost of executing withdraw. The thing is the grievance costs only gas to execute and the withdraw function is relatively cheap from first glance. The main issue here is that it can become SUPER expensive to clear the que in gas. I.e. if the attacker builds up a que of 200 withdrawals, some unknowning sucker is going to pay for more than 200 erc20 transfers in order to get their money out. Thats more than anyone would want to pay, and further since so much gas limit would be needed for this to be executed, to fit into a block you are going to have to pay a huge price.
So basically it costs attacker x to execute, which means it is also going to cost next user likely even more than x to fix the problem.
Also the que is not cleared so processWithdrawals becomes a really expensive function. If the items were cleared and set back to zero it would make it less expensive to de-que the que.
This being said we definitely have this at at least medium. $10k in gas to constantly brick users withdrawls from protocol for a week is a serious issue and not the biggest cost for an attack.
@JasoonS going to put this as medium. Lets discuss whether we want to have it as high.
#2 - moose-code
2022-03-06T15:30:48Z
Okay going to keep this as high. The cost to fix the attack can be more than what the attack costs in total. It also burdens a random unsuspecting user with a really high gas cost to try and get their withdrawal. There are many good suggestions on how to fix this.
4178.2677 USDC - $4,178.27
https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/InsuranceFund.sol#L39
in deposit, when the ratio totalSupply / balance is very high, the amount of the minted shares can round down to zero.
Alice is the first one to deposit to the insurance fund. she deposits 1 basic unit of vusd (10**-6 dollar), therefore minting one share. then she transferred 1 million vusd to the contract. then bob deposits 500,000 vusd. (500000 * 10**6 basic units) the amount of shares he gets is 500000 * 10**6 * 1 / (1000000* 10**6) = 0 therefore the number of shares didn't change but the balance increased by 500000 dollars. Alice can now withdraw her share and receive her funds back together with bob funds, as he doesn't have any shares.
change to:
if (_pool == 0) { shares = _amount * 10 ** 18; } else {
1253.4803 USDC - $1,253.48
https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/AMM.sol#L144
when an account is liquidated, there is no minimum amount of the swap, which makes it vulnerable for sandwich attacks.
Alice's long position can be liquidated, bob notices it and creates a short position, then liquidates her position, thus swapping the base asset to the quote asset, therefore reducing the base asset price, then he redeems his short position and profits because the price went down.
manual review
set quoteAssetLimit in _reducePosition to prevent the attack
#0 - atvanguard
2022-02-24T04:26:45Z
This is a known issue and is already documented as a @todo in the code.
#1 - moose-code
2022-03-09T21:09:45Z
After long discussion we are going to side with warden on this one. The todo is a bit sparse and the warden really digs on what precautions need to be put in place and the ramifications if they are not adhered. In general, think sprinkle of todos should not indemnify issues related around them as this might let things slip through cracks as wardens will ignore these critical pieces.
#2 - moose-code
2022-03-15T14:01:04Z
With the caveat of putting this in the medium and not high risk cat
π Selected for report: defsec
Also found by: 0v3rf10w, 0x0x0x, 0x1f8b, 0xwags, CertoraInc, Dravee, IllIllI, Meta0xNull, Nikolay, Omik, WatchPug, bobi, cccz, csanuragjain, danb, gzeon, hubble, hyh, itsmeSTYJ, jayjonah8, kenta, kirk-baird, leastwood, pauliax, peritoflores, rfa, robee, sorrynotsorry, ye0lde
142.3223 USDC - $142.32
https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/AMM.sol#L730 https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/MarginAccount.sol#L599
the governance can set the registry, therefore setting also the clearingHouse.
the clearingHouse has permissions to liquidate any trader.
also, they can set the clearingHouse in marginAccount and mint for themselves arbitrary amount of vusd, therefore they can steal all the funds.
don't allow the governance to change the registry.
#0 - atvanguard
2022-02-24T06:55:46Z
Duplicate of #40
#1 - JeeberC4
2022-03-24T20:36:04Z
Since this issue was downgraded to a QA level, and the warden did not submit a separate QA report, we've renamed this one to "QA report" for consistency. The original title, for the record, was the admin can liquidate any trader and mint arbitrary vusd amount
85.2867 USDC - $85.29
already checked twice: https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/curve-v2/Swap.vy#L669 https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/curve-v2/Swap.vy#L671
the check can be removed, as it's an external view function: https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/curve-v2/Swap.vy#L929
#0 - atvanguard
2022-02-26T06:36:44Z
Not a bug. Just a couple gas optimizations.
#1 - moose-code
2022-03-05T16:22:24Z
Moved to gas opt cat