Bug Full Withdrawal Of Shares Causes Denial Of Service DOS To Core Protocol

Introduction

This article delves into a critical vulnerability identified within the Lido Finance core protocol, specifically a bug that enables a full withdrawal of shares, leading to a Denial of Service (DOS) condition. This issue stems from the interaction between internal and external shares within the Lido system and the potential for manipulation through the withdrawal queue. In this comprehensive analysis, we will explore the vulnerability in detail, its potential impact, steps to reproduce the bug, and possible solutions to mitigate this risk.

Understanding the Vulnerability: Full Internal Shares Withdrawal

The core of the vulnerability lies in the ability to execute a full withdrawal of internal shares, a scenario previously considered impossible due to the initial minting of shares to the 0xdead address. However, the introduction of withdrawable external shares has inadvertently opened a new attack vector. By minting additional external shares via stVaults and subsequently requesting a withdrawal of all these shares, it becomes feasible to reduce the internal shares to zero. This condition, where internal shares equal the total shares minus external shares, triggers a critical failure in the protocol's calculations.

Share Manipulation and its Impact on Calculations

In the Lido protocol, calculations such as converting shares to assets and vice versa rely on the number of internal shares. When the internal shares are reduced to zero, these calculations result in a division by zero, leading to a reversion of transactions. This vulnerability is specifically located in the Lido.sol contract, where the calculations related to share and asset conversion are performed. The ability to manipulate the share distribution between internal and external holdings can disrupt the fundamental operations of the protocol, as all calculations (of shares to assets and vice versa) will revert in this case from div by 0 revert. This effectively halts critical functionalities and destabilizes the system.

Detailed Explanation of the Vulnerability

At the heart of the issue is the interaction between internal shares and external shares within the Lido protocol. Initially, a certain number of shares are minted to the 0xdead address, which serves as a kind of internal reserve. This design was intended to prevent a scenario where all shares could be withdrawn, ensuring the protocol's stability. However, the introduction of external shares, which can be minted through stVaults, altered this dynamic.

Exploiting the External Share Mechanism

The vulnerability can be exploited by minting a significant number of external shares. Once these shares are minted, an attacker can initiate a withdrawal request for the entire amount. This action effectively drains the internal share pool, as the protocol calculates internal shares by subtracting external shares from the total shares. If the number of external shares equals or exceeds the initial internal shares, the internal share count drops to zero.

The Critical Division by Zero Error

The problem arises when the protocol attempts to perform calculations that involve dividing by the number of internal shares. Common operations, such as determining the amount of assets corresponding to a given number of shares or vice versa, require this calculation. When the internal shares are zero, these operations result in a division by zero error, causing the transaction to revert. This not only prevents the intended operation but also effectively halts any other function that relies on these calculations, leading to a Denial of Service (DOS) condition.

Vulnerability Location in Lido.sol Contract

The specific location of this vulnerability is within the Lido.sol contract, particularly in the functions responsible for converting between shares and assets. These functions are crucial for the core operations of the protocol, such as staking and unstaking. The division by zero error in these functions effectively cripples the protocol's ability to process these operations.

Expected Behavior vs. Actual Outcome

Expected Behavior

Ideally, the Lido protocol should have mechanisms in place to prevent a scenario where internal shares can be fully withdrawn. One potential solution would be for the withdrawal queue to block any withdrawal requests that would reduce internal shares to zero. Alternatively, the protocol could implement a recovery mechanism, such as using the last known share-to-asset ratio to handle calculations in such situations.

Actual Outcome

In the current implementation, the protocol fails to prevent the full withdrawal of internal shares. This leads to a division by zero error in critical calculations, effectively halting the system. The vulnerability demonstrates a gap in the protocol's safeguards, as it does not adequately account for the potential manipulation of internal shares through external share minting and withdrawal.

Inadequacy of Existing Safeguards

It's important to note that simply limiting the number of external shares that can be minted does not fully address the vulnerability. As long as the number of external shares can exceed the initial mint to the 0xdead address, this attack vector remains viable. This highlights the need for a more robust solution that directly addresses the core issue of internal share manipulation.

Potential Impact: Denial of Service

The primary impact of this vulnerability is a Denial of Service (DOS). When the internal shares are reduced to zero and the division by zero error occurs, the core functionalities of the Lido protocol become inoperable. This means that users cannot stake, unstake, or perform other essential operations, effectively paralyzing the system.

Severity of the DOS Attack

A DOS attack on a DeFi protocol like Lido can have severe consequences. It disrupts the service for all users, potentially leading to financial losses and reputational damage. Moreover, a prolonged DOS can erode trust in the protocol and its ability to manage user funds securely.

Wider Implications for the Lido Ecosystem

The impact extends beyond the immediate disruption of services. Lido is a significant player in the DeFi space, and a successful attack on its core protocol could have ripple effects across the ecosystem. Other protocols that rely on Lido or its derivatives could also be affected, potentially leading to a broader crisis.

Steps to Reproduce the Vulnerability

To reproduce this vulnerability, the following steps can be taken:

1. Mint External Shares: Mint a sufficient number of external shares through stVaults. The amount should be large enough to potentially reduce internal shares to zero when withdrawn.
2. Initiate Full Withdrawal: Request a withdrawal of the entire amount of external shares that were minted. This withdrawal should be processed through the withdrawal queue.
3. Trigger Division by Zero: Once the withdrawal is processed and the internal shares are reduced to zero, attempt to perform any operation that involves calculating shares to assets or vice versa. This will trigger the division by zero error and demonstrate the DOS condition.

Verifying the DOS Condition

To verify the DOS condition, you can try to execute a standard function such as staking or unstaking. If the protocol is vulnerable, these operations will fail due to the division by zero error, confirming the successful exploitation of the vulnerability.

Possible Solutions and Mitigation Strategies

Addressing this vulnerability requires a multi-faceted approach to ensure the long-term stability and security of the Lido protocol. Here are some potential solutions:

1. Withdrawal Queue Modifications: Implement checks in the withdrawal queue to prevent withdrawals that would reduce internal shares to zero. This could involve blocking or limiting such withdrawals.
2. Recovery Mechanism: Develop a mechanism to handle cases where internal shares are zero. This could involve using the last known share-to-asset ratio or another method to perform calculations without division by zero.
3. Internal Share Threshold: Establish a minimum threshold for internal shares. The protocol could automatically mint additional internal shares if the count falls below this threshold.
4. Enhanced Monitoring: Implement robust monitoring systems to detect and alert administrators to any unusual activity related to share withdrawals.

Considerations for Implementation

When implementing these solutions, it's crucial to carefully consider the trade-offs and potential side effects. For example, limiting withdrawals could impact user experience, while automated share minting could have implications for the tokenomics of the protocol. Therefore, thorough testing and analysis are essential before deploying any changes to the production environment.

Conclusion

The bug allowing a full withdrawal of shares in the Lido Finance core protocol presents a significant risk of Denial of Service (DOS). By understanding the mechanics of this vulnerability, its potential impact, and the steps required to reproduce it, we can develop effective solutions to mitigate this risk. Implementing robust safeguards, such as modifying the withdrawal queue, establishing a recovery mechanism, and monitoring share activity, will be crucial for ensuring the continued stability and security of the Lido protocol and its ecosystem. Continuous vigilance and proactive measures are essential for maintaining the integrity of decentralized finance platforms.