mau
  • 🧩Account Abstraction
    • 📎Introduction ERC-4337
    • 🙍Key Roles and Their Interactions
      • 📄UserOperation Breakdown and Security Concerns
    • 🌉Interfaces
      • 1️⃣EntryPoint Interface
      • 2️⃣Account Interface
      • 3️⃣Aggregator
    • ⛓️Transaction Nonce
    • 🤝Using Signature Aggregators
    • 🚪Required entry point contract functionality
      • 🏦Paymaster extension
        • 🌉Paymaster Interfaces
    • 🤸Handling UserOperation
      • 🤖Simulation
      • 🔄Alternative Mempools
    • Bundling
      • Forbidden opcodes
    • Reputation
      • Unstaked
      • Specification
    • Storage associated with an address
    • 📚Extra References
  • 🔐Signature
    • 🔁Replay Attack
    • 🗝️Signature Malleability
  • 🧱Ethereum Blockchain
    • 📖Account State
    • 👩‍💻create2 OPCODE
  • 📑Ethereum Improvement Proposals
    • 📄EIP-191
      • 📄ECDSA
      • 📄ABI Encode and Keccak256
    • 📄EIP-712
    • 📄EIP-7212
      • 📄Abstract
      • 📄Motivation
      • 📄Elliptic Curve Signature Verification Steps
      • 📄Verification and Sepecification
      • 📄Rationale
    • 📄EIP-1271
    • 📄EIP-1167
  • ⚒️Foundry
  • 📚DeFi and the Future of Finance - Book
    • 🔧The Problems DeFi Solves
    • 1️⃣DeFi Basics
      • 🪙Equity, Liquidity and Governance Token
      • 🛃Custody
      • 🔄Supply Adjustment
      • 📈Bounding Curve
      • 💸Incentives
      • 🔁Swaps
      • 💰Collateralized/Uncollateralized Loans
    • 2️⃣Credit and Lending
  • ⛽Gas Griefing
    • 1️⃣Understanding Gas in Ethereum
    • 2️⃣Gas Allocation and Contract Interactions
    • 3️⃣Understanding Gas Limits: Exploring the 63/64 Rule
    • 4️⃣Understanding Gas Limits in Contract-to-Contract Calls
    • 5️⃣Gas Griefing Attack
    • 6️⃣Inner Call Out Of Gas Attack
    • 7️⃣Gas Griefing Contest Findings
      • ⛽Withdrawals with high gas limits can be bricked by a malicious user, permanently locking funds
      • ⛽Gas limit check is inaccurate, leading to an operator being able to fail a job intentionally
  • ✏️My Auditing Process
    • ❓How do I start ?
    • ⭕Bounded Context Technique
    • 🌳BTT
  • 🏃‍♀️Productivity
    • ✖️Best way to use Twitter Bookmarks
    • ⌛How to track focused working hours
    • 👩‍💻VS Code plugins to increase performance
    • 🏗️How to create your audit process methodology
    • 📕You should also have your Gitbook
    • 👮Best way to study for Secureum
  • 📙Secureum
    • 📄RACE 4
    • 📄RACE 5
  • 💻Mainnet Attacks
    • 🔁Reentrancy
      • 2022 Dec - Grim Finance
      • 2016 June - The DAO
  • ABI Encode
    • Basic Design
    • Function Selector
    • Elementary Types
    • Formal Specification of the Encoding
    • Examples
    • Events
    • Errors
    • Non-standard Packed Mode
    • References
  • Solidity
Powered by GitBook
On this page
  • Relayers and Gas Manipulation: Understanding the Vulnerabilities
  • Mitigating Gas Griefing Attack
  • First Solution
  • Second Solution
  • Potential Pitfalls of the Second Approach
  1. Gas Griefing

Gas Griefing Attack

Exploring the gas griefing attack's implications in meta-transactions and strategies to protect users from relayer malpractices.

Consensys Diligence has acknowledged the issue (SWC-126) from previously section in their documentation, indicating a potential problem. However, they have not provided a suitable solution to address the issue, which suggests a misunderstanding of the problem at hand. Their attempts to propose a resolution have fallen short in effectively resolving the issue.

contract Caller {
    function execute(address to, bytes calldata data, uint256 gas) external {
        require(gasleft() >= gas);
        (bool success, bytes memory returnedData) = to.call.gas(gas)(data);
        // Handle the result of the call
    }
}

Imagine you have a smart contract that uses the require statement to perform a call to another contract using the to.call function. You want to make sure that the callee contract receives a specific amount of gas that you specify.

However, there are two reasons why the require call alone cannot guarantee this:

  • Gas required for the call itself: When you make the call, the gas required for the call's operations and memory usage will further reduce the available gas. This means that the actual gas available at the moment of the call will be lower than what you initially expected.

  • The 63/64 rule: Even if the gas available at the point of the call seems sufficient, the Ethereum protocol applies the 63/64 rule. This rule reduces the available gas even more, potentially affecting the amount of gas the callee contract receives. The remaining gas (1/64 of the gas required) can still be enough for the rest of the transaction to succeed, allowing the call to continue.

Relayers and Gas Manipulation: Understanding the Vulnerabilities

Now, let's consider a meta-transaction scenario. In meta-transactions, a relayer signs and submits transactions on behalf of users. Here's where the issue arises: a malicious or unaware relayer could sign a transaction with a low amount of gas, intentionally or unintentionally causing the inner call to fail. However, they would still set the overall transaction up for success by providing enough gas for the transaction itself. In this scenario, the relayer would be rewarded for executing the transaction, while the user would experience a failed meta-transaction.

Furthermore, if a relayer manages to make the first meta-transaction fail, it could impact the entire series of meta-transactions generated by the user.

To address this issue, there is a need for a mechanism that ensures smart contracts can reliably guarantee that the callee contract receives the exact amount of gas specified, regardless of the gas reductions caused by the call and the 63/64 rule.

Mitigating Gas Griefing Attack

To properly guard against the issue, we need to ensure there is enough gas at the point of the call being made. There are two ways to achieve this within the current EVM framework:

First Solution

Check before the call:

uint256 gasAvailable = gasleft() - E;
require(gasAvailable - gasAvailable / 64  >= txGas, "not enough gas provided")
to.call.gas(txGas)(data);

In this approach, we calculate the available gas by subtracting the gas used in the operations preceding the call (E) from the current gas available gasleft(). We then compare this value with the required gas for the call txGas minus 1/64 of the available gas. If the comparison fails, indicating insufficient gas, the call is not made. This method relies on estimating the gas required for the operations preceding the call and the call itself, which is opcode pricing dependent.

Second Solution

Check after the call:

to.call.gas(txGas)(data);
assert(gasleft() > txGas / 63, "not enough gas left");

Here, we make the call first using the specified gas txGas, and then we assert that the gas remaining after the call is greater than txGas divided by 63. If the remaining gas is not sufficient, the assertion fails, causing the current call to revert. This workaround does not require estimating the gas required for the preceding operations and is not dependent on specific opcode pricing.

Potential Pitfalls of the Second Approach

It's important to note that the second approach may still pass the check if the gas provided was less, and the external call reverted or succeeded early, leaving enough gas remaining. This can be problematic if the code executed during the call reverts due to a check against the gas provided. To address this, an assert statement is used to consume all gas, emulating an out-of-gas exception. However, it's worth mentioning that the assert statement may not consume all gas in newer versions of Solidity (>= 0.8.0), requiring the use of assembly to emit an invalid opcode.

However, these workarounds have limitations, and a proper solution would involve making changes to the EVM itself to ensure reliable gas allocation for callee contracts.

PreviousUnderstanding Gas Limits in Contract-to-Contract CallsNextInner Call Out Of Gas Attack

Last updated 1 year ago

⛽
5️⃣