code-423n4 / 2023-06-lukso-findings


LSP6KeyManagerCore.sol#_executeRelayCall: Potential Gas Manipulation by Malicious relayer #70

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-06-lukso/blob/9dbc96410b3052fc0fd9d423249d1fa42958cae8/contracts/LSP6KeyManager/LSP6KeyManagerCore.sol#L345

Vulnerability details

Impact

This could allow a malicious relayer to manipulate the behavior of the called contract by controlling the gas provided for the transaction.

Proof of Concept

https://github.com/code-423n4/2023-06-lukso/blob/9dbc96410b3052fc0fd9d423249d1fa42958cae8/contracts/LSP6KeyManager/LSP6KeyManagerCore.sol#L345

The LSP6 protocol allows for relayed calls using supplied signatures. The encoded message is structured as follows:

bytes memory encodedMessage = abi.encodePacked( LSP6_VERSION, block.chainid, nonce, validityTimestamps, msgValue, payload );

This does not include a specified gas parameter, allowing the relayer to determine the gas amount for the transaction. If the provided gas is insufficient, the entire transaction would be reverted, which is expected.

However, if the contract being called behaves differently based on the gas supplied, a malicious relayer can effectively control that behavior.

Tools Used

Manual Review

Recommended Mitigation Steps

The signed message should include a specified gas amount. This would ensure that the relayer cannot arbitrarily set the gas for the transaction.

Additionally, it would be prudent to check that there is enough gas in the current transaction to cover the specified amount, taking into account the potential for truncation due to the 63/64 rule in the EVM.

Assessed type

DoS
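
A sketch of the two mitigation steps recommended in the report above, added here as an illustration; it is not code from the report or from LUKSO's LSP6KeyManagerCore. The contract name, the Request struct, the digest layout and the CALL_OVERHEAD margin are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration; not LUKSO's LSP6KeyManagerCore. All names are hypothetical.
contract GasBoundRelaySketch {
    struct Request { uint256 nonce; uint256 gasLimit; address target; bytes payload; }

    address public immutable signer;              // key that authorises relayed calls
    mapping(uint256 => bool) public usedNonce;
    // Assumed margin for gas spent between the check and the CALL itself
    // (payload copy, cold account access). Tune per deployment.
    uint256 private constant CALL_OVERHEAD = 10_000;

    constructor(address signer_) { signer = signer_; }

    // gasLimit is part of the signed digest, so a relayer cannot alter it.
    function digest(Request calldata req) public view returns (bytes32) {
        return keccak256(abi.encode(
            block.chainid, address(this), req.nonce, req.gasLimit, req.target, req.payload
        ));
    }

    function relay(Request calldata req, uint8 v, bytes32 r, bytes32 s)
        external returns (bool ok, bytes memory ret)
    {
        require(!usedNonce[req.nonce], "nonce already used");
        address recovered = ecrecover(digest(req), v, r, s);
        require(recovered != address(0) && recovered == signer, "bad signature");
        usedNonce[req.nonce] = true;

        // EIP-150 (63/64 rule): a CALL forwards at most gasleft() - gasleft()/64.
        // Revert unless that ceiling, minus the margin, covers the signed limit;
        // otherwise the EVM would silently forward less than the signer asked for.
        uint256 available = gasleft();
        require(available > CALL_OVERHEAD, "out of gas margin");
        available -= CALL_OVERHEAD;
        require(available - available / 64 >= req.gasLimit, "gas below signed limit");

        (ok, ret) = req.target.call{gas: req.gasLimit}(req.payload);
    }
}
```

Because the gas check reverts the whole transaction, the nonce is not consumed when the relayer supplies too little gas, so the signed request stays valid for an honest relayer.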

c4-pre-sort commented 1 year ago

minhquanym marked the issue as primary issue

c4-pre-sort commented 1 year ago

minhquanym marked the issue as low quality report

minhquanym commented 1 year ago

OOS as known

The relayer can choose the amount of gas provided when interacting with the executeRelayCall(...) functions. For more details, see Trust audit report finding L3.

c4-judge commented 1 year ago

trust1995 marked the issue as unsatisfactory: Out of scope