GetInflationAmount can run out of gas
#477
Labels
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
duplicate-710
edited-by-warden
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Comments
code423n4
added
2 (Med Risk)
C4-Staff
added a commit
that referenced
this issue
Jan 6, 2023
|
GalloDaSballo marked the issue as duplicate of #139 |
|
GalloDaSballo marked the issue as not a duplicate |
c4-judge
added
QA (Quality Assurance)
|
Duplicate of #710 |
|
L |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lines of code
https://github.com/code-423n4/2022-12-gogopool/blob/main/contracts/contract/RewardsPool.sol#L74
Vulnerability details
Impact
The loop within
getInflationAmountcan run out of gas, irreversibly breaking the contractProof of Concept
Currently, the function
startRewardsCyclecallsinflatewhich then callsgetInflationAmountin order to receive the inflated supply. However, during the functiongetInflationAmountit loops over allinflationIntervalsElapsed, which is in most cases 28 days, when called regularly. However, ifstartRewardsCycleis not called regularly, this means thatinflationIntervalStartTimeis not updated regularly:addUint(keccak256("RewardsPool.InflationIntervalStartTime"), inflationIntervalElapsedSeconds);this will then eventually lead to to a DoS where the loop runs out of gasfor (uint256 i = 0; i < inflationIntervalsElapsed; i++) {due to too many elapsed inflation intervals.Tools Used
VSCode
Recommended Mitigation Steps
Currently, there is no easy solution. One could implement pagination for the loop to prevent this issue, however, this would need a larger logic change. Therefore our recommendation is to a) keep an eye on the duration time and b) eventually use chainlink automation to call
startRewardsCycleevery 28 days.Eventually, one could also set an upper limit of
inflationIntervalsElapsedand if this limit is exceeded, simply exceed e.g. 50 loops.https://docs.chain.link/chainlink-automation/introduction
*This is the first contest i took part, therefore my submissions might not be ideal yet, if there are any questions feel free to contact me directly in discord :-)
** While this issue initially was assessed as
HIGH, we think thatMEDIUMis here more appropriate because we do not see this happening in production (it would take quite some weeks of forgetting to call the function), however, the code itself is still vulnerable for this issue and in our opinion this is what counts.The text was updated successfully, but these errors were encountered: