Flat Tartan Mantis
Medium
A vulnerability exists in the NounsAuctionHouseV2 contract where functions such as getSettlements, warmUpSettlementState, and setPrices process an unbounded number of iterations. This can lead to gas exhaustion when called with large inputs, resulting in denial of service (DoS) and potential disruptions to the contract's operations.
Location
Contract: NounsAuctionHouseV2.sol
Functions: getSettlements, warmUpSettlementState, setPrices
- Deploy malicious contract: The attacker deploys the Attacker contract with the address of the NounsAuctionHouseV2 contract.
- Generate large range of IDs: The attacker provides a very large range (startId and endId) to overload the loop in the warmUpSettlementState function.
- Invoke vulnerable function: The attacker calls the attack function, which invokes warmUpSettlementState on the target contract with the large range.
- Gas exhaustion: The unbounded loop consumes all available gas, causing the transaction to fail and disrupting the contract's functionality for legitimate users.
Denial of Service (DoS). Legitimate users may face disruptions in contract operations due to gas exhaustion during malicious or accidental calls to these functions with large inputs.
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import "./NounsAuctionHouseV2.sol";

contract Attacker {
    function attack(NounsAuctionHouseV2 auctionHouse, uint256 startId, uint256 endId) public {
        // Attempt to process a very large range of IDs
        auctionHouse.warmUpSettlementState(startId, endId);
    }
}
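One way to bound the loop described above, shown as an added example that is not part of the original report or the Nouns code base. The contract is a simplified stand-in: the cap MAX_IDS_PER_CALL and its value, the slotWarmedUp mapping, the error names and the half-open range [startId, endId) are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added illustration only: a simplified stand-in, not NounsAuctionHouseV2.
contract BoundedWarmUpExample {
    /// Hypothetical cap on how many IDs one call may process (assumed value).
    uint256 public constant MAX_IDS_PER_CALL = 500;

    /// Simplified stand-in for the per-ID settlement storage.
    mapping(uint256 => bool) public slotWarmedUp;

    error InvalidRange(uint256 startId, uint256 endId);
    error RangeTooLarge(uint256 requested, uint256 maxAllowed);

    /// Warms up IDs in [startId, endId). The range is validated before the
    /// loop starts, so the work done by a single call has a fixed upper bound
    /// and an oversized request reverts cheaply instead of burning gas.
    function warmUpSettlementState(uint256 startId, uint256 endId) external {
        if (endId < startId) revert InvalidRange(startId, endId);

        uint256 count = endId - startId;
        if (count > MAX_IDS_PER_CALL) {
            revert RangeTooLarge(count, MAX_IDS_PER_CALL);
        }

        for (uint256 i = startId; i < endId; ++i) {
            // Write only to slots that have not been warmed up yet.
            if (!slotWarmedUp[i]) {
                slotWarmedUp[i] = true;
            }
        }
    }
}
```

Callers that need a longer range split it into consecutive calls of at most MAX_IDS_PER_CALL IDs each.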