Skip to content
This repository has been archived by the owner on Jun 2, 2024. It is now read-only.

kutugu - Malicious pausing auction attack #279

Closed
sherlock-admin2 opened this issue Dec 1, 2023 · 0 comments
Closed

kutugu - Malicious pausing auction attack #279

sherlock-admin2 opened this issue Dec 1, 2023 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue

Comments

@sherlock-admin2
Copy link
Contributor

sherlock-admin2 commented Dec 1, 2023
edited by sherlock-admin
Loading

kutugu

medium

Malicious pausing auction attack

Summary

The third party can control the gas and cause the external call of the contract to fail, but the remaining 1 / 64 gas can still execute the subsequent logic try/catch normally, causing problems in the pause logic.

Vulnerability Detail

This issue involves the fix from the previous review, refer to: M-12M-15.
The main problem has been detailed in M-15, but due to intentional design, the previous contract would not catch OOG errors, but the fix in M-12 will now catch OOG errors.
Therefore, a malicious attacker can use a carefully designed gas amount to maliciously suspend the contract operation.

Impact

The contract was maliciously suspended and had to wait for the owner to unpause and mint coins.

Code Snippet

Tool used

Manual Review

Recommendation

Check gas limits or handle different errors differently

Duplicate of #243
@github-actions github-actions bot closed this as completed Dec 6, 2023
@github-actions github-actions bot added the Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label label Dec 6, 2023
@sherlock-admin sherlock-admin changed the title Urban Gingham Chinchilla - Malicious pausing auction attack kutugu - Malicious pausing auction attack Dec 13, 2023
@sherlock-admin sherlock-admin added Non-Reward This issue will not receive a payout and removed Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Dec 13, 2023
@Czar102 Czar102 added the Medium A valid Medium severity issue label Dec 21, 2023
@sherlock-admin sherlock-admin added Reward A payout will be made for this issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label and removed Non-Reward This issue will not receive a payout labels Dec 21, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Czar102 @sherlock-admin @sherlock-admin2