Potential Denial-of-Service (DoS)

[c4-bot-10]

Lines of code

https://github.com/code-423n4/2024-03-phala-network/blob/a01ffbe992560d8d0f17deadfb9b9a2bed38377e/phala-blockchain/crates/pink/runtime/src/contract.rs#L164

Vulnerability details

Impact

The line gas_limit = Weight::from_parts(gas_limit, 0).set_proof_size(u64::MAX); sets the proof size, an additional gas cost associated with contract execution, to the maximum unsigned 64-bit integer value (u64::MAX). This removes any restrictions on gas consumption for proofs.

Proof of Concept

An attacker could craft a transaction with a low gas_limit value but embed a very large proof size. Since there's no upper bound on the proof size due to setting it to u64::MAX, the gas consumption can escalate beyond the intended limit, potentially causing resource exhaustion and Ddos attack

Tools Used

Manual Inspection

Recommended Mitigation Steps

The proof size should be calibrated based on the actual storage requirements of transaction let gas_limit = Weight::from_parts(gas_limit, 0).set_proof_size(u64::PROOF_SIZE_LIMIT);

Assessed type

Other

[c4-pre-sort]

141345 marked the issue as duplicate of #54

[c4-judge]

OpenCoreCH marked the issue as unsatisfactory: Insufficient proof