c4-judge
commented
1 year ago 0xean marked the issue as satisfactory
Open code423n4 opened 1 year ago
c4-judge
commented
1 year ago 0xean marked the issue as satisfactory
Lines of code
Vulnerability details
Issue seems to be resolved. The issue was that attacker might cause the
quantity()function to be called with little to no gas, and now the function ensures that it’s being called with at least 100K gas.100K gas seems to be enough for most cases (esp. considering it’s a view function) but there might be some edge cases when it’s not enough (considering that the implementation for
refPerTok()might change depending on the asset). However, I can’t recommend any specific number, since we can always say there might be an edge case where it’d cost more than that (in fact this issue stems from mitigating an issue that claims we might encounter a case whererefPerTok()would consume more gas than the block gas limit).