Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[evm] Use dynamic gas computation for the FunToken.sol precompile #2083

Closed
Unique-Divine opened this issue Oct 17, 2024 · 0 comments · Fixed by #2086
Closed

[evm] Use dynamic gas computation for the FunToken.sol precompile #2083

Unique-Divine opened this issue Oct 17, 2024 · 0 comments · Fixed by #2086
Assignees
@Unique-Divine
Labels
x: evm Relates to Nibiru EVM or the EVM Module

Comments

@Unique-Divine
Copy link
Member

Abstract / Summary

Scope: x/evm/precompile/funtoken.go

RequiredGas() (here in funtoken.go as well as in the other precompiles) charges a fixed amount of gas. This is problematic as the bankSend function accepts a dynamic type parameter, string memory to, as the transfer recipient.

If the bankSend precompile is called with the to string set to a very large string value, the DecomposeInput() call will consume a lot of computational resources to unpack the large to value, which the user is not charged for. The bank send will ultimately fail, but before it will have consumed a lot of gas. So this opens up a DoS/griefing vector.

If dynamic types are used as function parameters, it's very important to be accurate with gas accounting, as the value can potentially be very large. For example, consider parsing the input also in RequiredGas() and charge additional gas for dynamic size parameters (e.g. string, bytes, etc.)

Originally posted by @berndartmueller in https://github.com/code-423n4/2024-10-nibiru-zenith/pull/28#discussion_r1801090069
@github-project-automation github-project-automation bot moved this to ⚡ Building 🧱 in ⚛️ Nibiru (Hougyoku) Oct 17, 2024
@github-actions github-actions bot added the S-triage Status: This issue is waiting on initial triage. More Info: https://tinyurl.com/25uty9w5 label Oct 17, 2024
@Unique-Divine Unique-Divine changed the title Use dynamic gas computation for the FunToken.sol precompile [evm] Use dynamic gas computation for the FunToken.sol precompile Oct 17, 2024
@Unique-Divine Unique-Divine added x: evm Relates to Nibiru EVM or the EVM Module and removed S-triage Status: This issue is waiting on initial triage. More Info: https://tinyurl.com/25uty9w5 labels Oct 17, 2024
@Unique-Divine Unique-Divine self-assigned this Oct 17, 2024
@coderabbitai coderabbitai bot mentioned this issue Oct 22, 2024
Merged
3 tasks
@github-project-automation github-project-automation bot moved this from ⚡ Building 🧱 to ✅ Completed in ⚛️ Nibiru (Hougyoku) Oct 24, 2024
@Unique-Divine Unique-Divine reopened this Oct 24, 2024
@github-project-automation github-project-automation bot moved this from ✅ Completed to ⚡ Building 🧱 in ⚛️ Nibiru (Hougyoku) Oct 24, 2024
@github-project-automation github-project-automation bot moved this from ⚡ Building 🧱 to ✅ Completed in ⚛️ Nibiru (Hougyoku) Oct 24, 2024
@Unique-Divine Unique-Divine mentioned this issue Oct 26, 2024
Merged
This was referenced Oct 28, 2024
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Unique-Divine Unique-Divine

Labels
x: evm Relates to Nibiru EVM or the EVM Module
Projects
⚛️ Nibiru (Hougyoku)
Archived in project
Milestone
No milestone
1 participant
@Unique-Divine