code-423n4 / 2022-02-skale-findings


Miners Can Manipulate `tx.gasprice` to Drain Users' Wallets in `postIncomingMessages()` #80

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/skalenetwork/ima-c4-audit/blob/main/contracts/mainnet/MessageProxyForMainnet.sol#L205-L253

https://github.com/skalenetwork/ima-c4-audit/blob/main/contracts/mainnet/CommunityPool.sol#L82-L112

Vulnerability details

Impact

The `postIncomingMessages()` function is used to broadcast signed data indicating that funds on an schain will be moved to mainnet. While the function performs proper signature verification, it doesn't prevent any arbitrary user from frontrunning the function with the same arguments. As a result, the caller will be entitled to any gas reimbursements.

However, the `CommunityPool.refundGasByUser()` function uses `tx.gasprice` to determine the amount to deduct from the gas payer's wallet. `tx.gasprice` can be easily manipulated by a miner at no additional cost to them as the transaction will always take up a fixed amount of block space. Therefore, a miner could frontrun the transaction with an extraordinarily high `tx.gasprice` to receive increased ETH as a gas reimbursement. This would be an effective form of Miner Extractable Value (MEV).

Proof of Concept

Tools Used

Manual code review.

Recommended Mitigation Steps

Consider using `block.basefee` or similar to limit the degree by which miners can manipulate the gas price. It may also be useful to use a Chainlink oracle to verify that these values do not go outside of some predefined upper and lower boundaries.
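
The recommended mitigation above, sketched as an added example that is not part of the original report and is not SKALE's code: the reimbursement price is clamped to `block.basefee` plus a fixed tip allowance instead of trusting `tx.gasprice`. The contract name `BoundedGasRefund`, its functions, and the `MAX_PRIORITY_FEE` value are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.7; // block.basefee is available from 0.8.7

/// Hypothetical sketch; names and values are illustrative, not the IMA CommunityPool.
contract BoundedGasRefund {
    // Assumed policy value: largest priority fee the pool agrees to reimburse.
    uint256 public constant MAX_PRIORITY_FEE = 3 gwei;

    // Only this address (the message proxy in this sketch) may trigger refunds.
    address public immutable messageProxy;

    // ETH each user has deposited to cover reimbursements.
    mapping(address => uint256) public userWallets;

    event Refunded(address indexed user, address indexed relayer, uint256 amount);

    constructor(address proxy) {
        messageProxy = proxy;
    }

    function recharge(address user) external payable {
        userWallets[user] += msg.value;
    }

    /// Price used for reimbursement: tx.gasprice, but never above
    /// block.basefee + MAX_PRIORITY_FEE, so an inflated tx.gasprice
    /// cannot raise the amount deducted from the user's wallet.
    function effectiveGasPrice() public view returns (uint256) {
        uint256 ceiling = block.basefee + MAX_PRIORITY_FEE;
        return tx.gasprice < ceiling ? tx.gasprice : ceiling;
    }

    function refundGas(address user, address payable relayer, uint256 gasUsed) external {
        require(msg.sender == messageProxy, "only message proxy");
        uint256 amount = gasUsed * effectiveGasPrice();
        uint256 balance = userWallets[user];
        if (amount > balance) {
            amount = balance; // never deduct more than the user deposited
        }
        // Update state before the external call (checks-effects-interactions).
        userWallets[user] = balance - amount;
        emit Refunded(user, relayer, amount);
        (bool ok, ) = relayer.call{value: amount}("");
        require(ok, "refund transfer failed");
    }
}
```

With this clamp the worst-case deduction per message is `gasUsed * (block.basefee + MAX_PRIORITY_FEE)`, independent of the gas price the submitting transaction declares.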

cstrangedk commented 2 years ago

Agreed, but here the miner executes a very costly transaction at a high gas price, only to be refunded for the costly transaction. The miner is not able to profit but, agreed, is able to drain a user's wallet. Suggest 2-medium severity, as the attack is possible but is without any extractable incentive.

A native Oracle solution is already in process, as shown in the code stub: https://github.com/skalenetwork/ima-c4-audit/blob/11d6a6ae5bf16af552edd75183791375e501915f/contracts/schain/CommunityLocker.sol#L219-L223

cstrangedk commented 2 years ago

Duplicate of #28

GalloDaSballo commented 2 years ago

Dup of #28