I believe factory may be vulnerable to a DoS attack on the value field. Depending on costing parameters, this could either make it more expensive to insert factories, or it could make it greater than the budget, which would break insertions.
I'm going to double check and write a description.
Here is the attack:
- Offchain, define an "attacking policy" as a native script with a random salt, that happens to put the policy id as being less than the authen policy id.
- Generate as many of these policies as necessary, with the asset name being empty and the quantity being 1.
- Insert these assets into the value along with the factory NFT, when a new DEX is made.
- Because the `quantity_of` has to be a linear search left to right over the list, this operation has to skip over every policy that has been inserted, consuming exunits.
- Depending on how much this costs, this could cause the budget to be exceeded, which would freeze the ability of Minswap to insert more DEXes.
- To validate this attack, we would have to consider the memory usage of the `quantity_of` operation for large numbers of policies, and whether the necessary count of policies can actually fit in a transaction which constructs a valid factory.
- To resolve this attack, simply limit the number of values in the factory value to the maximum necessary.

Also, on a technicality, you have to mint all the attacking assets in a transaction before the attack, because the tx prevents minting other assets, but it's still viable because you can just spend the assets from a user input from a previous tx.
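
The lookup cost and the proposed fix from the issue above, as an added Python model that is not part of the issue or of the project's code. The policy ids, the asset name, the bound of two policies (ADA plus the factory NFT) and the function names are assumptions for illustration, and the step count stands in for execution cost rather than measuring real ex-units.

```python
# Added illustration: a toy model of an on-chain Value, not Minswap's or Aiken's code.
# A Value is modelled as a list of (policy_id, {asset_name: quantity}) pairs kept
# sorted by policy id, which is why entries with smaller ids are visited first.

ADA = b""                           # ADA's policy id is the empty byte string
AUTHEN_POLICY = bytes([0x80]) * 28  # constructed 28-byte policy id (assumption)
FACTORY_NAME = b"factory"           # constructed asset name (assumption)
MAX_FACTORY_POLICIES = 2            # assumed bound: ADA + the factory NFT policy


def make_value(entries):
    """Build a Value sorted by policy id, mirroring the on-chain ordering."""
    return sorted(entries, key=lambda e: e[0])


def quantity_of(value, policy_id, asset_name):
    """Left-to-right search; returns (quantity, entries visited)."""
    for steps, (pid, assets) in enumerate(value, start=1):
        if pid == policy_id:
            return assets.get(asset_name, 0), steps
    return 0, len(value)


def padded_factory_value(extra_policies):
    """Factory value carrying `extra_policies` unrelated single-token policies
    whose constructed ids sort before AUTHEN_POLICY (empty asset name, qty 1)."""
    padding = [(i.to_bytes(28, "big"), {b"": 1})
               for i in range(1, extra_policies + 1)]
    base = [(ADA, {b"": 2_000_000}), (AUTHEN_POLICY, {FACTORY_NAME: 1})]
    return make_value(base + padding)


def factory_value_is_bounded(value):
    """The fix proposed in the issue: no more policies than the factory needs."""
    return len(value) <= MAX_FACTORY_POLICIES


def accept_factory_output(value):
    """Hypothetical validator check: bound the value first, then find the NFT."""
    if not factory_value_is_bounded(value):
        return False
    qty, _ = quantity_of(value, AUTHEN_POLICY, FACTORY_NAME)
    return qty == 1
```

Because the size check runs before the lookup, a padded value is rejected at a cost that does not depend on how many extra policies it carries.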
Suggested by @micahkendall