
Amusing Opaque Bear - Potential DOS being experienced in the Bracket.sol #862

Open
sherlock-admin3 opened this issue Dec 9, 2024 · 0 comments

Comments


Amusing Opaque Bear

High

Potential DOS being experienced in the Bracket.sol

Summary

As there are no fees on createOrder and cancelOrder, a malicious actor can create a contract that performs many transactions, repeatedly creating and cancelling orders, to increase gas prices and stop actual users from using the protocol.

Root Cause

Because no fees are charged on creating or cancelling an order, and the full amount is refunded on cancellation, a malicious actor can create a contract that continuously creates and cancels orders. As the L2 chain has low gas prices, the malicious actor will not lose much of his funds doing this, and it will result in increased gas prices, reaching the pendingOrderLimit and creating a DOS situation where actual users will not be able to use the platform.
https://github.com/sherlock-audit/2024-11-oku/blob/main/oku-custom-order-types/contracts/automatedTrigger/Bracket.sol#L184-L213
https://github.com/sherlock-audit/2024-11-oku/blob/main/oku-custom-order-types/contracts/automatedTrigger/Bracket.sol#L309-L313

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

  • The malicious actor will create a malicious contract.
  • Let's suppose he creates an order with high completion probability, which means his order will not get filled instantly.
  • He will use the contract to perform these functions: he will create an order, then he will cancel the order.
  • After cancelling, he will get the refund without being charged.
  • He will keep doing this, which will result in increased gas prices and a DOS situation, making other users pay more or exceeding the pendingOrderLimit, which will stop other users from interacting with the platform.

Impact

Severity: High
Likelihood: Medium

  • Potential risk of DOS; increase in gas prices for other users interacting with the platform; exceeding the pendingOrderLimit stops actual users from placing new orders.

PoC

No response

Mitigation

Maybe adding a cooldown period after cancelling an order before a new order can be created will help.
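One way to implement the suggested cooldown, as an added example that is not Bracket.sol's code: a simplified order store that records each address's last cancellation and refuses new orders from that address until the cooldown has elapsed. Native ETH as the order asset, the fixed limits, and every name other than createOrder, cancelOrder and pendingOrderLimit are assumptions made for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical, simplified order store used to illustrate the cooldown
/// mitigation. Not Bracket.sol: only createOrder, cancelOrder and
/// pendingOrderLimit are taken from the report; the rest is assumed.
contract CooldownOrders {
    uint256 public constant pendingOrderLimit = 100;   // assumed limit
    uint256 public constant cancelCooldown = 10 minutes; // assumed cooldown

    struct Order { address owner; uint256 amount; }

    mapping(uint96 => Order) public orders;
    uint96 public nextId;
    uint256 public pendingCount;
    // Timestamp of each address's most recent cancellation.
    mapping(address => uint256) public lastCancelAt;

    function createOrder() external payable returns (uint96 id) {
        require(msg.value > 0, "no funds");
        require(pendingCount < pendingOrderLimit, "pending limit reached");
        // The mitigation: an address that just cancelled must wait before
        // it can place another order, so a create/cancel loop is throttled.
        require(
            block.timestamp >= lastCancelAt[msg.sender] + cancelCooldown,
            "cooldown active"
        );
        id = nextId++;
        orders[id] = Order(msg.sender, msg.value);
        pendingCount++;
    }

    function cancelOrder(uint96 id) external {
        Order memory o = orders[id];
        require(o.owner == msg.sender, "not order owner");
        // State is updated before the refund so a reentrant call cannot
        // cancel the same order twice.
        delete orders[id];
        pendingCount--;
        lastCancelAt[msg.sender] = block.timestamp;
        (bool ok, ) = msg.sender.call{value: o.amount}("");
        require(ok, "refund failed");
    }
}
```

A per-address cooldown only slows a single address, so in practice it is usually combined with a small non-refundable cancellation fee or minimum order size that makes each create/cancel cycle cost something.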
