Report Date
October 2, 2023
Status
Closed
Payout
Infinite Loop Griefing Attack
‣
BIC Response
This is not a valid bug report because the described attack does not lead to any of the listed impacts. The only user that can be griefed is the user of the "malicious" ERC-20 contract.
For example, the following statement:
If tokenFacet is responsible for gas it can lead to additional unbounded gas consumption If original caller is responsible for gas with, sufficient gas attacker can Temporary freezing of funds for at least 1 hour
... does not make sense, as only the user who calls transferFrom on the "malicious" token would be paying for gas (i.e., they'd grief themselves).
Due to these reasons, we are closing the submission and no reward will be issued.