code-423n4 / 2023-10-zksync-findings

Max Gas price should not be hardcoded #825

Closed c4-submissions closed 1 year ago

c4-submissions commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-10-zksync/blob/1fb4649b612fac7b4ee613df6f6b7d921ddd6b0d/code/system-contracts/bootloader/bootloader.yul#L12, https://github.com/code-423n4/2023-10-zksync/blob/1fb4649b612fac7b4ee613df6f6b7d921ddd6b0d/code/system-contracts/bootloader/bootloader.yul#L19

Vulnerability details

Impact

Hardcoded MAX_ALLOWED_L1_GAS_PRICE and MAX_ALLOWED_FAIR_L2_GAS_PRICE are not flexible and cannot cater for any scenario or need that requires a higher maximum gas.

Proof of Concept

Tools Used

Manual analysis

Recommended Mitigation Steps

Instead of hardcoding, make it configurable via admin access.

Assessed type

Other

c4-pre-sort commented 1 year ago

bytes032 marked the issue as low quality report

miladpiri commented 1 year ago

By design.

c4-sponsor commented 1 year ago

miladpiri (sponsor) disputed

c4-judge commented 1 year ago

GalloDaSballo marked the issue as unsatisfactory: Insufficient proof

GalloDaSballo commented 1 year ago

Would like to at least see the math to get to 100k gwei