Skip to content
This repository has been archived by the owner on Jun 2, 2024. It is now read-only.

0xGoodess - Even though there is way to remove dust delegation; the attacker can continuously spam delegatedVeCvg #51

Closed
sherlock-admin opened this issue Nov 29, 2023 · 0 comments
Closed

0xGoodess - Even though there is way to remove dust delegation; the attacker can continuously spam delegatedVeCvg #51

sherlock-admin opened this issue Nov 29, 2023 · 0 comments
Labels
Non-Reward This issue will not receive a payout

Comments

@sherlock-admin
Copy link
Contributor

sherlock-admin commented Nov 29, 2023
edited by Czar102
Loading

0xGoodess

medium

Even though there is way to remove dust delegation; the attacker can continuously spam delegatedVeCvg

Summary

Even though there is way to remove dust delegation; the attacker can continuously spam

Vulnerability Detail

While the delegetee can choose to remove any delegation by calling removeTokenIdDelegated, they can only remove 1 tokenId delegation at 1 time. First this is very inefficient, Secondly, an attacker with enough gas and bandwidth can set up infrastructure to continouly spam the victim, such that the victim can not effectively remove delegation.

Consider:

  1. Alice ddos Bob by already delegating 25 dust tokenId to him, effectively blocking him from receiving any further delegataion.
  2. Bob notices this, and start cleaning his delegeted array by calling removeTokenIdDelegated
  3. Alice monitors the mempool and backrun Bob's call removeTokenIdDelegated with delegation.
  4. Bob effectively get gas grieved as well as has no way to stop the spamming.

Noted manageOwnedAndDelegated does not mitigate this issue since there is no way to pre-populate approved delegation yet.

    function removeTokenIdDelegated(uint256 _tokenId, bool removeVeDelegated, bool removeMgDelegated) external {
        if (removeVeDelegated) {
            _cleanVeDelegatee(_tokenId, true);
        }
        if (removeMgDelegated) {
            _removeMgTokenIdDelegated(_tokenId);
        }
    }

Impact

users have no way to effectively stop delegation spam.

Code Snippet

https://github.com/sherlock-audit/2023-11-convergence/blob/main/sherlock-cvg/contracts/Locking/LockingPositionDelegate.sol#L330-L368

Tool used

Manual Review

Recommendation

Consider adding integration of populating delegatedVeCvg on manageOwnedAndDelegated, by allowing others to delegate over an "unlimited" delegationCache, and the owner can clean the array and push the delegation from delegationCache to the active delegatedVeCvg array.
@github-actions github-actions bot closed this as completed Dec 2, 2023
@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Dec 2, 2023
@nevillehuang nevillehuang removed the Medium A valid Medium severity issue label Dec 22, 2023
@sherlock-admin sherlock-admin changed the title Low Carrot Jellyfish - Even though there is way to remove dust delegation; the attacker can continuously spam delegatedVeCvg 0xGoodess - Even though there is way to remove dust delegation; the attacker can continuously spam delegatedVeCvg Dec 24, 2023
@sherlock-admin sherlock-admin added Non-Reward This issue will not receive a payout and removed Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Dec 24, 2023
@0xDetermination 0xDetermination mentioned this issue Dec 24, 2023
Closed
@nevillehuang nevillehuang mentioned this issue Jan 10, 2024
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Non-Reward This issue will not receive a payout
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nevillehuang @sherlock-admin