Back to kaden's contests

Drips Protocol contest - kaden's results

An Ethereum protocol for streaming and splitting funds.

General Information

Platform: Code4rena

Start Date: 25/01/2023

Pot Size: $90,500 USDC

Total HM: 3

Participants: 26

Period: 9 days

Judge: GalloDaSballo

Id: 209

League: ETH

Drips Protocol

Findings Distribution

Researcher Performance

Rank: 5/26

Findings: 1

Award: $2,979.90

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryDrips Protocol

Findings Information

🌟 Selected for report: berndartmueller

Also found by: kaden

Labels

bug
2 (Med Risk)
grade-c
partial-50
duplicate-276

Awards

2979.9003 USDC - $2,979.90

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2023-01-drips/blob/9fd776b50f4be23ca038b1d0426e63a69c7a511d/src/Drips.sol#L450

Vulnerability details

Squeezing drips requires verifying the entire history of that drip. This means iterating over an unbounded loop of the size of the history

for (uint256 i = 0; i < dripsHistory.length; i++) {
	DripsHistory memory drips = dripsHistory[i];
	bytes32 dripsHash = drips.dripsHash;
	if (drips.receivers.length != 0) {
		require(dripsHash == 0, "Drips history entry with hash and receivers");
		dripsHash = _hashDrips(drips.receivers);
	}
	historyHashes[i] = historyHash;
	historyHash = _hashDripsHistory(historyHash, dripsHash, drips.updateTime, drips.maxEnd);
}

As a result of having to iterate over the entire history, if the history exceeds a certain size, the total gas cost of squeezing that drip will exceed the block gas limit, making it impossible to ever squeeze from that drip. This means that all tokens from that drip would be locked in the contract until the drips are complete.

#0 - c4-judge

2023-02-09T11:39:12Z

GalloDaSballo marked the issue as duplicate of #274

#1 - c4-judge

2023-02-09T11:39:27Z

GalloDaSballo marked the issue as partial-50

#2 - GalloDaSballo

2023-02-09T11:39:43Z

50% because of the lack of clear explanation on how this goes from a potential issues into a real grief

#3 - c4-judge

2023-02-23T12:27:02Z

GalloDaSballo marked the issue as not a duplicate

#4 - c4-judge

2023-02-23T12:27:10Z

GalloDaSballo changed the severity to QA (Quality Assurance)

#5 - GalloDaSballo

2023-02-23T12:27:16Z

L --

#6 - GalloDaSballo

2023-02-28T16:23:37Z

TODO: See #276

#7 - c4-judge

2023-02-28T16:30:02Z

GalloDaSballo marked the issue as grade-c

#8 - GalloDaSballo

2023-02-28T16:30:08Z

Closing for validation, will re-judge later

#9 - c4-judge

2023-03-01T14:51:27Z

This previously downgraded issue has been upgraded by GalloDaSballo

#10 - c4-judge

2023-03-01T14:51:28Z

This previously downgraded issue has been upgraded by GalloDaSballo

#11 - c4-judge

2023-03-01T14:52:03Z

GalloDaSballo marked the issue as duplicate of #276

#12 - c4-judge

2023-03-01T14:52:15Z

GalloDaSballo marked the issue as partial-50

#13 - GalloDaSballo

2023-03-01T14:52:36Z

In lack of the front-run exploit am downgrading by half

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter