Daohub-io / cap9

Capability-based security protocol for smart contracts
Apache License 2.0

Handle gas allocation robustly #168

Open JakeOShannessy opened 5 years ago

JakeOShannessy commented 5 years ago

As part of a syscall (or any call) we usually pass the value of the GAS call, which is equivalent to allowing the called contract to use as much of the remaining gas as it needs. When performing a CALL in EVM this was quite easy, as the GAS call was the last instruction executed before performing the call. When compiling to WASM this isn't quite as simple, as we can't guarantee that it is the final instruction called.

Currently, there are a few instances of GAS - SomeValue to allow some leftover gas to complete other instructions. This is not a robust way to do this and we should find alternatives.

JakeOShannessy commented 5 years ago

I have a solution for this. We can use the same mechanism as cap9_syscall_low and introduce cap9_maxgas_call_code and the like. In the same way we can control the exact instructions deployed and make sure that exactly all the remaining gas is used.

Latrasis commented 5 years ago

> I have a solution for this. We can use the same mechanism as cap9_syscall_low and introduce cap9_maxgas_call_code and the like. In the same way we can control the exact instructions deployed and make sure that exactly all the remaining gas is used.

Would this still be feasible for validation?

JakeOShannessy commented 5 years ago

In that particular case it's only for the kernel, so we don't have to run it through the validation code.

For procedures we have defined syscalls in such a way that handles this already; we just have to make sure the values are correct, which I failed to do in #178 it seems.