Code4rena, CODE423N4:2022-05-FACTORYDAO-FINDINGS-ISSUES-284
May 08, 2022

Attacker could make deposits of 1 wei in the yield contract to prevent excess rewards from being withdrawn


Lines of code
<https://github.com/code-423n4/2022-05-factorydao/blob/db415804c06143d8af6880bc4cda7222e5463c0e/contracts/PermissionlessBasicPoolFactory.sol#L224>

Vulnerability details

Impact

Detailed description of the impact of this finding.

Proof of Concept

If an attacker makes many deposits of 1 wei, the staking pool creator will have to make the withdrawals himself to remove the unclaimed reward tokens. This can mean the pool creator will have to spend a huge amount of gas to do these withdrawals.
<https://github.com/code-423n4/2022-05-factorydao/blob/db415804c06143d8af6880bc4cda7222e5463c0e/contracts/PermissionlessBasicPoolFactory.sol#L245>

One could argue this attack won’t happen since the attacker would also spend gas making the deposits. I argue the gas the attacker would spend could be much, much less than the gas required to make the withdrawals if the rewards are distributed in many tokens. This happens because the withdraw function loops through every token and performs arithmetic to compute taxes for each token. This doesn’t happen in the deposit function, which is of constant complexity.
<https://github.com/code-423n4/2022-05-factorydao/blob/db415804c06143d8af6880bc4cda7222e5463c0e/contracts/PermissionlessBasicPoolFactory.sol#L224>

An attacker can then force the owner to waste more gas than the excess rewards which would make the excess rewards not worth taking out. The attacker could do this without using much gas himself since the withdraw function is many times
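
The cost asymmetry described in this report, as an added Python model that is not part of the original submission and is not the FactoryDAO contract code. `Pool`, `cleanup_ratio`, the `min_deposit` floor and the per-call work units are hypothetical; the rule that excess rewards stay locked while deposits remain open is an assumption taken from the report's statement that the creator must make the withdrawals himself.

```python
# Added illustration: a simplified model, NOT the FactoryDAO contract code.
# Costs are abstract work units (assumed), not measured gas.
from dataclasses import dataclass, field

@dataclass
class Pool:
    reward_tokens: int        # number of reward tokens the pool pays out
    min_deposit: int = 1      # hypothetical deposit floor in wei (1 = none)
    total_deposits: int = 0
    receipts: list = field(default_factory=list)
    deposit_work: int = 0     # work spent by depositors
    withdraw_work: int = 0    # work spent by whoever closes the receipts

    def deposit(self, amount_wei: int) -> int:
        if amount_wei < self.min_deposit:
            raise ValueError("deposit below minimum")
        self.receipts.append(amount_wei)
        self.total_deposits += amount_wei
        self.deposit_work += 1                       # constant per deposit
        return len(self.receipts) - 1                # receipt id

    def withdraw(self, receipt_id: int) -> None:
        amount = self.receipts[receipt_id]
        if amount == 0:
            raise ValueError("receipt already withdrawn")
        # One reward and tax computation per reward token, plus the deposit itself.
        self.withdraw_work += 1 + self.reward_tokens
        self.total_deposits -= amount
        self.receipts[receipt_id] = 0

    def withdraw_excess_rewards(self) -> bool:
        # Assumption: excess rewards stay locked while any deposit is open.
        if self.total_deposits != 0:
            raise RuntimeError("deposits outstanding")
        return True

def cleanup_ratio(reward_tokens: int, dust_deposits: int) -> float:
    """Owner work divided by depositor work needed to unlock excess rewards."""
    pool = Pool(reward_tokens)
    for _ in range(dust_deposits):
        pool.deposit(1)                              # 1 wei each
    for receipt_id in range(dust_deposits):
        pool.withdraw(receipt_id)
    pool.withdraw_excess_rewards()
    return pool.withdraw_work / pool.deposit_work

if __name__ == "__main__":
    for n in (1, 5, 20):
        print(n, "reward tokens -> ratio", cleanup_ratio(n, 100))
```

In this model the ratio does not depend on how many deposits are made; it grows only with the number of reward tokens. Setting `min_deposit` above 1 wei rejects dust receipts and raises the capital each receipt must lock.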

