Fast Cerulean Armadillo
High
The CDS contract updateDownsideProtected function lacks proper access control, allowing any user to update the downsideProtected value arbitrarily. This can lead to a denial-of-service (DoS) attack, disrupting deposits and withdrawals.
The root cause of the vulnerability is the absence of access control in the updateDownsideProtected function. Any user can call this function and increase downsideProtected without restriction.
function updateDownsideProtected(uint128 downsideProtectedAmount) external {
downsideProtected += downsideProtectedAmount;
}Setting downsideProtected higher than totalCdsDepositedAmount would DOS deposit and withdrawals because of underflow.
function _updateCurrentTotalCdsDepositedAmount() private {
if (downsideProtected > 0) {
totalCdsDepositedAmount -= downsideProtected;Or setting lower values would make totalCdsDepositedAmount different and broke the all contract calculations
No response
No response
- The attacker calls updateDownsideProtected with a very high value.
- The _updateCurrentTotalCdsDepositedAmount function reduces totalCdsDepositedAmount by downsideProtected, causing setting the value to zero.
- withdrawals and other operations fail due to incorrect values in totalCdsDepositedAmount, breaking core protocol logic.
Deposits and withdrawals are disrupted. The total deposited amount is manipulated, causing incorrect calculations throughout the contract.
No response
Restrict updateDownsideProtected to only authorized borrowing contract