c4-judge
commented
1 year ago Picodes marked the issue as satisfactory
Open code423n4 opened 1 year ago
c4-judge
commented
1 year ago Picodes marked the issue as satisfactory
Lines of code
Vulnerability details
Issue
M-02: Attacker can force the failure of transactions that use tryCatch
Mitigation
https://github.com/AmbireTech/ambire-common/commit/fca50cd45478ef1ab57ba21bf7e1ccd15b310a05
Assessment of Mitigation
Issue mitigated
Comments
This mitigation updates the following
AmbireAccount.tryCatchfunction to execute(bool success, bytes memory returnData) = to.call{ value: value, gas: gasBefore }(data)afteruint256 gasBefore = gasleft()and beforerequire(gasleft() > gasBefore/64, 'TRYCATCH_OOG'). Since the upper gas limit for the innerto.callfunction call is set togasBeforethat is the gas left in theAmbireAccount.tryCatchfunction's context just before thisto.callfunction call, if thisto.callfunction call consumes more than 63/64 ofgasBefore, then there is no way thatgasleft() > gasBefore/64can be true after suchto.callfunction call; in this case, the gas consumption of more than 63/64 ofgasBeforeis too much comparing to all but one 64th of the maximum allowed amount of gas that would be given to thisto.callfunction if it could be called without inputtinggas, which is specified by EIP-150. In order to not revertrequire(gasleft() > gasBefore/64, 'TRYCATCH_OOG'), enough gas needs to be provided to the innerto.callfunction so suchto.callfunction call would not revert due to out of gas. As a result, this mitigation makes the malicious relayer's or actor's manipulation of the gas for calling theAmbireAccount.tryCatchfunction ineffective and prevents such relayer or actor from forcing the innerto.callfunction call to revert due to out of gas. Therefore, the corresponding issue is mitigated.https://github.com/AmbireTech/ambire-common/blob/f56e7dcaaa4ff8950b39fe6d5bced165d0f1c99f/contracts/AmbireAccount.sol#L113-L119