Closed ggrieco-tob closed 4 years ago
Since this is an internal function we are sure that it will be used with exponents limited by the ratio limitations. Exponents are always either:
Since we limit weights to be between BONE and 50BONE and the max sum to be 50BONE we make sure that the exponents are always between 1/50 and 50.
We could add an extra require to check these boundaries to make sure this function is not exploited, but I don't think it is necessary since the result of such an exploit would be using up all the gas available and reverting, not really a problem for us.
I manually verified if it is possible to force the exponent to very large values and I agree with your analysis: this looks like a false positive. The only warning is to be very careful when using the bpow function in your code, since any future use of it in this or other contracts can introduce potential issues.
Severity: Undetermined Difficulty: High
Description
The computation of certain values using bpow can take a very large amount of gas, making them practically impossible to afford by users.
The bpow function uses specific code to approximate the value to compute iteratively: https://github.com/balancer-labs/balancer-core/blob/60486e121b42374818c6522dfeb4d783d00fd0a4/contracts/BNum.sol#L128-L163
However, certain corner cases could take a huge amount of gas to compute, for instance: bpow(1,824633729024) will take an amount of gas near the block limit.
Exploit Scenario
Bob creates a new pool. Eve performs certain operations to force users to indirectly call bpow with larger and larger gas amounts to finish. Eventually, the pool is so expensive that the users can no longer use it.
Recommendation
Short term, limit the amount of iterations used during the bpow computation.
Long term, consider using Echidna and Manticore to ensure that there are no corner cases requiring large amounts of gas to compute.
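A Python model of the short-term recommendation, added here as an illustration; it is not part of the issue and is not Balancer's BNum.sol. It assumes 18-decimal fixed point (BONE = 10**18) and a binomial-series approximation, with PRECISION and MAX_ITER as hypothetical values, and it counts loop iterations as a stand-in for gas.

```python
# Added illustration: a model of an iterative fixed-point power
# approximation, not the contract's own code.
BONE = 10**18                # assumed 18-decimal fixed-point unit
PRECISION = BONE // 10**10   # hypothetical threshold that ends the series
MAX_ITER = 200               # hypothetical iteration cap


class IterationCapExceeded(Exception):
    """Raised instead of looping on; a contract would revert here."""


def bmul(a, b):
    # Fixed-point multiply, rounded to nearest.
    return (a * b + BONE // 2) // BONE


def bdiv(a, b):
    # Fixed-point divide, rounded to nearest.
    return (a * BONE + b // 2) // b


def pow_approx(base, exp, max_iter=None):
    """Approximate base**exp for a fractional exp (0 <= exp < BONE).

    Returns (result, iterations). Terms shrink slowly when base is far
    from BONE, so the iteration count depends on the inputs.
    """
    x, x_neg = abs(base - BONE), base < BONE
    term, total, negative = BONE, BONE, False
    i = 0
    while term >= PRECISION:
        i += 1
        if max_iter is not None and i > max_iter:
            raise IterationCapExceeded(f"more than {max_iter} iterations")
        big_k = i * BONE
        c_signed = exp - (big_k - BONE)          # (exp - (i - 1))
        term = bdiv(bmul(term, bmul(abs(c_signed), x)), big_k)
        if term == 0:
            break
        negative ^= x_neg                        # sign of x**i
        negative ^= c_signed < 0                 # sign of the coefficient
        total += -term if negative else term
    return total, i


if __name__ == "__main__":
    print("mid-range base:", pow_approx(BONE // 2, BONE // 2)[1], "iterations")
    print("issue's input :", pow_approx(1, 824633729024)[1], "iterations")
```

In this model a base of 0.5 converges in a few dozen iterations, while the issue's input runs for thousands, and the cap turns that case into an early, bounded failure.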