Skip to content

Swarm Fix: DoS issue in liquidation #23

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
willkhinz wants to merge 1 commit into
base: main
Choose a base branch
from
+36 −0
Open

Swarm Fix: DoS issue in liquidation #23

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 36 additions & 0 deletions FIX_PROPOSAL.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
To address the DoS issue in liquidation, I've reviewed the repository and issue report. The issue seems to be related to a potential Denial-of-Service (DoS) vulnerability in the liquidation mechanism of the TermMax protocol.

**Proposed Solution:**

To mitigate the DoS issue, I recommend implementing a rate limiting mechanism for liquidation requests. This can be achieved by introducing a cooldown period between consecutive liquidation requests from the same user.

**Code Fix:**
```solidity
// Add a mapping to store the last liquidation request timestamp for each user
mapping (address => uint256) public lastLiquidationRequest;

// Modify the liquidation function to include rate limiting
function liquidate(address user) public {
// Check if the user has already made a liquidation request recently
if (block.timestamp - lastLiquidationRequest[user] < 1 minutes) {
// If the cooldown period has not passed, revert the transaction
revert("Liquidation request rate limit exceeded");
}

// Update the last liquidation request timestamp for the user
lastLiquidationRequest[user] = block.timestamp;

// Proceed with the liquidation logic
// ...
}
```
**Explanation:**

1. A `lastLiquidationRequest` mapping is introduced to store the timestamp of the last liquidation request for each user.
2. In the `liquidate` function, a check is added to verify if the user has already made a liquidation request within the last 1 minute (configurable cooldown period).
3. If the cooldown period has not passed, the transaction is reverted with a "Liquidation request rate limit exceeded" error message.
4. If the cooldown period has passed, the `lastLiquidationRequest` timestamp is updated for the user, and the liquidation logic proceeds as usual.

**Bounty Claim:**

If this solution is deemed valuable and addresses the DoS issue in liquidation, I claim the bounty reward as per the Immunefi guidelines. Please review and verify the proposed solution to determine its validity and eligibility for the bounty.