Griefing (e.g. no profit motive for an attacker, but damage to the users or the protocol)
Permanent freezing of funds
Description
Brief / Intro
The staking contract allows unlimited stake entries per user with no minimum deposit amount, enabling attackers to grief victim accounts by depositing tiny amounts on their behalf. This bloats the victim's stake array, making withdrawals impossible or extremely expensive due to gas limits when processing the oversized array.
Vulnerability Details
The staking contract implements the ERC4626 standard which allows deposits on behalf of other users, but lacks:
Minimum deposit amount requirement
Maximum stake entry limit per user
When an attacker deposits tiny amounts repeatedly on a victim's behalf, it creates thousands of stake entries. During withdrawal, the contract must iterate through all entries, potentially exceeding block gas limits or making withdrawal prohibitively expensive.
Relevant code snippets:
Impact Details
Victim funds may become effectively trapped or extremely expensive to withdraw as the victim must pay very high gas to iterate and consume many tiny stake entries.
Easy to execute: attack requires only many small repeated deposits, potentially done by many addresses.
Depending on chain block gas limits and implementation details, some victims may be unable to withdraw funds permanently due to gas limit errors.
References / Suggested Mitigations
Here are sample implementations which can mitigate this vulnerability. Consider implementing one or more of these solutions.
Option 1: Add minimum deposit amount
Option 2: Limit stake entries per user
(Implementors may also consider hybrid approaches: minimum deposit + limited entries + aggregation of tiny deposits into an existing stake entry, or allow users to prune/compact stakes with a gasless relayer/tiny-batch helper.)
Proof of Concept
Add the following test functions within the describe("Staking features") block inside the staking.test.ts test file. These tests demonstrate gas usage difference between a regular withdrawal and a withdrawal after an attacker has griefed a victim by creating many tiny stake entries.
// @audit - No protection against tiny deposits in deposit function and who can deposit on behalf of user
function _deposit(
address by,
address to,
uint256 assets,
uint256 shares
) internal override {
super._deposit(by, to, assets, shares);
// lock freshly minted shares
stakes[to].push(Stake({shares: shares, timestamp: block.timestamp}));
}
// @audit - Vulnerable stake consumption logic - must iterate through ALL stake
function _consumeUnlockedSharesOrRevert(
address staker,
uint256 need
) internal {
Stake[] storage userStakes = stakes[staker];
uint256 _min = minStakePeriod;
uint256 nowTs = block.timestamp;
uint256 remaining = need;
for (uint256 i; i < userStakes.length && remaining > 0; ) {
// @audit - Processing logic that must iterate through ALL entries of user
// ...
}
}
