Closed code423n4 closed 1 year ago
only the primary operator can get slashed, and he does not have restrictions on the gas price as the fallback-operators have
https://github.com/code-423n4/2022-10-holograph/blob/f8c2eae866280a1acfdc8a8352401ed031be1373/contracts/HolographOperator.sol#L354 only applies if job.operator != msg.sender
I agree with the assessment that the particular example is not valid. But this would be an issue of front-running if the operator does not decide to operate above set job gas limits. Which I think would fall out of scope since that logic is not part of the audit.
Lines of code
https://github.com/code-423n4/2022-10-holograph/blob/f8c2eae866280a1acfdc8a8352401ed031be1373/contracts/HolographOperator.sol#L301-L439
Vulnerability details
Impact
Operators are maliciously slashed
Proof of Concept
The gas price and limit can be set to whatever the user wishes when calling the bridge. A malicious user could set the gas prices to be low for current chain conditions. This would allow them to use up the operators grace period, after which the executeJob function can be called by anyone. Once gas fees drop they frontrun the operator to slash them and take their stake.
Example:
Gas prices on destination chain is 30 gwei but are typically around 10 gwei. The malicious user sends transactions with a gas limit of 10. After 30 minutes the gas fees are under 10 gwei. The malicious user frontruns all the operators, slashing them all and taking their stake. The adversary can send extremely low value transactions between low fee chains. If the operator beats them to it then they are only out a small amount of gas and can keep retrying.
Tools Used
Manual Review
Recommended Mitigation Steps
Gasprice should be check when calling crossChainMessage and be compared against the current gas price. It should revert if specified gas price is too far from current gas price.