low

Transfer Limit of UNI Tokens May Lead to a DoS and Token Loss Risk

Contest
Reward

Total

87.08 USDC

Selected
35.86 USDC
25.61 USDC
25.61 USDC
Selected Submission

Transfer Limit of UNI Tokens May Lead to a DoS and Token Loss Risk

Severity

Medium Risk

Relevant GitHub Links

https://github.com/Cyfrin/2023-10-SteadeFi/blob/0f909e2f0917cb9ad02986f631d622376510abec/contracts/strategy/gmx/GMXWithdraw.sol#L193-L194

https://github.com/Cyfrin/2023-10-SteadeFi/blob/0f909e2f0917cb9ad02986f631d622376510abec/contracts/strategy/gmx/GMXWithdraw.sol#L47-L52

https://github.com/Cyfrin/2023-10-SteadeFi/blob/0f909e2f0917cb9ad02986f631d622376510abec/contracts/strategy/gmx/GMXEmergency.sol#L191-L192

Summary

Users who accumulate more than 2^96 UNI tokens may lose their tokens, because any transfer above that amount will always revert.

Vulnerability Details

The UNI token contract imposes a transfer limit: the maximum amount that can be moved in a single transfer is 2^96 UNI tokens, and any transfer exceeding this threshold reverts. The contract relies on the balanceOf function to determine the amount to send, transferring its entire token balance in one call:

      self.tokenA.safeTransfer(self.withdrawCache.user, self.tokenA.balanceOf(address(this)));

Such a transfer will always revert for balances above 2^96 UNI tokens. See:

https://github.com/d-xo/weird-erc20#revert-on-large-approvals--transfers

Impact

Users who accumulate more than 2^96 UNI tokens may lose their tokens due to a DoS: the withdrawal reverts every time they attempt to withdraw their token balance.

Tools Used

https://github.com/d-xo/weird-erc20#revert-on-large-approvals--transfers

Recommendations

Contracts should always check the amount of UNI being transferred before processing the transaction.
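
One way to apply this recommendation, shown as an added example that is not part of the original submission or the Steadefi code base: check the amount against the 96-bit limit and send it in chunks the token will accept. All names here (`IERC20Min`, `Capped96Token`, `CappedTransfer`, `WithdrawSketch`) are hypothetical, and the token is a constructed stand-in for the revert-on-large-transfer behaviour described above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal token interface (hypothetical name) used by this example only.
interface IERC20Min {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Constructed test token: reverts on any amount that does not fit in 96 bits,
// the behaviour listed under "Revert on Large Approvals & Transfers".
contract Capped96Token is IERC20Min {
    mapping(address => uint256) public override balanceOf;

    constructor(uint256 supply) {
        balanceOf[msg.sender] = supply;
    }

    function transfer(address to, uint256 amount) external override returns (bool) {
        require(amount < 2 ** 96, "amount exceeds 96 bits");
        balanceOf[msg.sender] -= amount; // checked arithmetic reverts on underflow
        balanceOf[to] += amount;
        return true;
    }
}

library CappedTransfer {
    // Largest amount a 96-bit-limited token accepts in one call.
    uint256 internal constant MAX_CHUNK = type(uint96).max;

    // Sends `amount` in pieces of at most MAX_CHUNK instead of one
    // transfer that reverts whenever amount > MAX_CHUNK.
    function transferInChunks(IERC20Min token, address to, uint256 amount) internal {
        while (amount > 0) {
            uint256 chunk = amount > MAX_CHUNK ? MAX_CHUNK : amount;
            require(token.transfer(to, chunk), "transfer failed");
            amount -= chunk;
        }
    }
}

abstract contract WithdrawSketch {
    // Replaces the single full-balance transfer pattern quoted above.
    function _sendAll(IERC20Min token, address user) internal {
        CappedTransfer.transferInChunks(token, user, token.balanceOf(address(this)));
    }
}
```

For any balance a real deployment could hold, the loop runs once or twice, so the added gas cost is small compared with a withdrawal that can never succeed.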