Skip to content

Latest commit

 

History

History
79 lines (52 loc) · 2.43 KB

054.md

File metadata and controls

79 lines (52 loc) · 2.43 KB
Raw

Damaged Amber Rat

Invalid

Potential DoS Vector in MorphoLeverageStrategyExtension::getChunkRebalanceNotional

Summary

The getChunkRebalanceNotional function in MorphoLeverageStrategyExtension is an external function without access restrictions that uses an unbounded loop over a user-supplied array, potentially leading to a Denial of Service (DoS) attack.

Root Cause

The getChunkRebalanceNotional function in MorphoLeverageStrategyExtension is an external function without access restrictions that uses an unbounded loop over a user-supplied array, potentially leading to a Denial of Service (DoS) attack.

function getChunkRebalanceNotional(
    string[] calldata _exchangeNames
)
    external
    view
    returns(uint256[] memory sizes, address sellAsset, address buyAsset)
{
    // ... (previous code omitted for brevity)

    for (uint256 i = 0; i < _exchangeNames.length; i++) {
        // ... (loop body)
    }

    // ... (remaining code)
}

Internal pre-conditions

  1. The function is marked as external and view.
  2. The function accepts an array of exchange names as input.

External pre-conditions

  1. Any external actor can call this function with an arbitrarily large array of exchange names.

Attack Path

  1. An attacker calls getChunkRebalanceNotional with an extremely large array of exchange names.
  2. The function attempts to process all entries, consuming a large amount of gas.
  3. If the gas consumption exceeds the block gas limit, the function becomes uncallable.

Impact

  1. Denial of Service: The function could become unusable if called with a large enough array, preventing legitimate calls.
  2. Gas Exhaustion: Calls to this function with large arrays could consume excessive amounts of gas, leading to transaction failures.
  3. Contract Liveness: If this function is critical for other operations, its unavailability could impact the overall functionality of the contract.
  4. Economic Loss: Failed transactions due to out-of-gas errors still cost gas, potentially leading to economic losses for users.

PoC

No response

Mitigation

Implement a limit on the number of exchange names that can be processed:

function getChunkRebalanceNotional(
    string[] calldata _exchangeNames
)
    external
    view
    returns(uint256[] memory sizes, address sellAsset, address buyAsset)
{
    require(_exchangeNames.length <= MAX_EXCHANGES, "Too many exchanges");

    // ... (rest of the function implementation)
}