What is Denial of Service?
A denial of service (DoS) attack in DeFi prevents legitimate users from accessing or using protocol functions. Unlike traditional DoS attacks that overwhelm servers, smart contract DoS attacks exploit code vulnerabilities to make functions permanently unusable, lock funds, or make operations prohibitively expensive. These attacks may not steal funds directly but can cause significant damage.
How it Works
Smart contract DoS attacks exploit various mechanisms to prevent normal operation.
Common DoS attack patterns include:
- Block Gas Limit: Make functions require more gas than fits in a block
- Unexpected Reverts: Force failures in loops that must complete
- External Call Failures: Depend on calls that always revert
- Self-Destruct Interference: Destroy contracts that others depend on
- Front-Running: Prevent specific transactions from executing
- Griefing: Make operations expensive or slow without profit motive
These attacks range from temporary inconveniences to permanent fund locks.
Practical Example
The GovernMental Ponzi scheme on Ethereum demonstrated a costly DoS scenario: refunding all participants required more gas than was available in a block, locking 1,100 ETH. The King of the Ether throne game was DoS'd when a contract king could reject ETH transfers, preventing anyone from claiming the throne. The Akutars NFT mint permanently locked $34 million when a DoS vulnerability in the refund mechanism prevented fund recovery.
Why it Matters
DoS vulnerabilities may not grab headlines like fund thefts, but they can permanently lock funds or render protocols unusable. Developers must avoid unbounded loops, handle external call failures gracefully, and consider adversarial users in all designs. Users should be aware that some protocols carry DoS risks that could temporarily or permanently lock their funds.
Fensory evaluates protocol resilience and historical operation reliability, helping users identify projects with robust designs that resist denial of service attacks.