
Bug: Unlimited Vault Creation #65

Open
meetjn opened this issue Jan 29, 2025 · 1 comment · May be fixed by #66

Comments

meetjn (Contributor) commented Jan 29, 2025

Issue:

Any address can create unlimited funding vaults via `deployFundingVault()`.

Why Fix?

- Potential spam/DoS vector
- Could bloat contract state and increase gas costs

Solution: Inside the `FairFund.sol` file

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Define a custom error (file level, so it can be matched by selector from tests)
error FairFund__VaultLimitExceeded(address user, uint256 maxAllowed);

contract FairFund {
    // State variables
    uint256 public constant MAX_VAULTS_PER_ADDRESS = 5;
    mapping(address => uint256) private s_vaultsCreated;

    function deployFundingVault(
        address _fundingToken,
        address _votingToken,
        uint256 _minRequestableAmount,
        uint256 _maxRequestableAmount,
        uint256 _tallyDate
    ) external returns (address) {
        // Check if the user has reached their vault creation limit
        if (s_vaultsCreated[msg.sender] >= MAX_VAULTS_PER_ADDRESS) {
            revert FairFund__VaultLimitExceeded(msg.sender, MAX_VAULTS_PER_ADDRESS);
        }

        // Increment the vault count for the user (before the vault is created,
        // so a re-entrant call cannot bypass the check)
        s_vaultsCreated[msg.sender]++;

        // Rest of the function logic...
    }
}
```

@adityabhattad2021 I would like to solve this bug
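A Foundry test for the proposed cap, added here as an example and not part of this issue or the FairFund repository. It assumes `FairFund` has a no-argument constructor, that `deployFundingVault` and the error signature match the snippet above, and that the placeholder token addresses used here are not rejected by the function.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {FairFund} from "../src/FairFund.sol";

contract VaultLimitTest is Test {
    FairFund internal fairFund;
    address internal alice = makeAddr("alice");
    address internal bob = makeAddr("bob");
    // Constructed placeholder token addresses (assumed not validated by FairFund).
    address internal fundingToken = makeAddr("fundingToken");
    address internal votingToken = makeAddr("votingToken");

    function setUp() public {
        fairFund = new FairFund(); // assumption: no constructor arguments
    }

    function _deployAs(address caller) internal returns (address) {
        vm.prank(caller);
        return fairFund.deployFundingVault(fundingToken, votingToken, 1 ether, 10 ether, block.timestamp + 7 days);
    }

    function test_capIsEnforcedPerAddress() public {
        uint256 max = fairFund.MAX_VAULTS_PER_ADDRESS();

        // The first MAX_VAULTS_PER_ADDRESS deployments from one address succeed.
        for (uint256 i = 0; i < max; i++) {
            _deployAs(alice);
        }

        // The next deployment from the same address must revert with the custom error,
        // carrying the caller and the configured limit. The selector is computed from the
        // signature so the test does not depend on where the error is declared.
        bytes4 sel = bytes4(keccak256("FairFund__VaultLimitExceeded(address,uint256)"));
        vm.prank(alice);
        vm.expectRevert(abi.encodeWithSelector(sel, alice, max));
        fairFund.deployFundingVault(fundingToken, votingToken, 1 ether, 10 ether, block.timestamp + 7 days);

        // The counter is keyed on msg.sender, so a different address is unaffected:
        // the cap bounds vaults per address, not vaults in total.
        _deployAs(bob);
    }
}
```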

meetjn added a commit to meetjn/FairFund that referenced this issue Jan 29, 2025
@meetjn meetjn linked a pull request Jan 29, 2025 that will close this issue
adityabhattad2021 (Contributor) commented

I think this is not a problem as spamming a smart contract costs gas, so why would anyone do that?
