Skip to content
This repository was archived by the owner on Jun 15, 2025. It is now read-only.
This repository was archived by the owner on Jun 15, 2025. It is now read-only.

Amusing Opaque Bear - Potential DOS being experienced in the Bracket.sol #862

Open
Open
Amusing Opaque Bear - Potential DOS being experienced in the Bracket.sol#862
@sherlock-admin3

Description

@sherlock-admin3
sherlock-admin3
opened on Dec 9, 2024

Amusing Opaque Bear

High

Potential DOS being experienced in the Bracket.sol

Summary

As there is no fees on the createOder and cancelOrder Malicious actor can create a contract which perform multiple transaction resulting in creating and canceling the order to increase the gas prices and stopping the actual users to use the protocol .

Root Cause

Because there is no fees being charged on creating the order and cancelling the order and being getting the whole refund on cancelling the order. Malicious actor will create a contract which will continously create and cancel order respectively. AS the L2 chain has less gas prices the malicious actor will not loose much of his funds doing this and it will result in increase the gas price, reaching the pendingOrderLimit and creating a DOS situation where actual user will not be able to do use the platform.
https://github.com/sherlock-audit/2024-11-oku/blob/main/oku-custom-order-types/contracts/automatedTrigger/Bracket.sol#L184-L213
https://github.com/sherlock-audit/2024-11-oku/blob/main/oku-custom-order-types/contracts/automatedTrigger/Bracket.sol#L309-L313

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

  • Malicious Actor will create a malicious contract .
  • Let's Suppose he will create an Order with high completion probability which means his order will not get filled instantly.
  • He will use the contract which will perform this functions , He will create an order then he will cancel the order.
  • After cancelling he will get the refund without being charged.
  • He will keep on doing this which will result in increase in gas prices and DOS situation making other users to cost more or exceeding the pendingOrderLimit which will stop other user from interacting with the platform.

Impact

Severity :- High
Likelihood :- Medium

  • Potential Risk of DOS, Increase in gas prices for other users to interact with the platform, Exceeding pendingOrderLimit stops actual users from placing new orders .

PoC

No response

Mitigation

Maybe adding cooldown period after cancellingOrder to create new Order will help.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions