popeye - Malicious pausing of Auction Contract via Gas Exception on Internal Mint

[sherlock-admin2]

popeye

medium

Malicious pausing of Auction Contract via Gas Exception on Internal Mint

Summary

The settleCurrentAndCreateNewAuction() function can be used by any user to pause the Auction contract. This occurs by causing the internal _createAuction() call to fail via a child call gas limit exception during the token.mint() execution.

Vulnerability Details

The settleCurrentAndCreateNewAuction() function makes an internal call to _createAuction().

    function settleCurrentAndCreateNewAuction() external nonReentrant whenNotPaused {
        _settleAuction();
        _createAuction();
    }

Inside _createAuction(), an NFT minting occurs through token.mint()

       try token.mint() returns (uint256 tokenId) {

According to the EIP-150 call opcode can consume as most 63/64 of parrent calls' gas. That means token.mint() can fail since there will be no gas.

All in all, if token.mint() fail on gas and the rest gas is enough for pausing the contract by calling _pause in catch statement the contract will be paused.

Please note, that a bug can be exploitable if the token.mint() consume more than 1.500.000 of gas, because 1.500.000 / 64 > 20.000 that need to pause the contract. Also, the logic of token.mint() includes traversing the array up to 100 times, that's heavy enough to reach 1.500.000 gas limit.

Impact

Contract can be paused by any user by passing special amount of gas for the call of settleCurrentAndCreateNewAuction (which consists of two internal calls of _settleAuction and _createAuction functions).

Code Snippet

https://github.com/sherlock-audit/2023-09-nounsbuilder/blob/main/nouns-protocol/src/auction/Auction.sol#L238-L241
https://github.com/sherlock-audit/2023-09-nounsbuilder/blob/main/nouns-protocol/src/auction/Auction.sol#L292-L329

Tool used

Manual Review

Recommendation

To address this, the minting logic should be separated into its own private function with a passed-in gas stipend sufficient to prevent exceptions:

// @notice Mints NFT safely with sufficient gas parameters 
// @return tokenId The minted token ID 
// @dev Provides sufficient gas to prevent child call exceptions
function safeMint() private returns (uint256 tokenId){

  uint256 gas = 1500000; // approx observed mint gas cost

  try Token(token).mint(){gas: gas} returns (uint256 tokenId){
      return tokenId;
  }catch{
    revert AuctionCreationFailed(); 
  }
}

function _createAuction(){
  uint256 tokenId = safeMint();
  // additional logic
}

Duplicate of #243