code-423n4 / 2024-07-reserve-validation


Insufficient Gas Validation in AssetRegistry.sol #253

Closed c4-bot-8 closed 1 month ago

c4-bot-8 commented 1 month ago

Lines of code

https://github.com/reserve-protocol/protocol/blob/master/contracts/p1/AssetRegistry.sol#L221-L228

Vulnerability details

Impact

The function _reserveGas() in the contract AssetRegistry.sol is responsible for ensuring that appropriate gas is available when executing contract methods.

The function aggregates a fixed amount of gas buffering value and a quantity-related variable amount of gas which is reserved for invoking external contracts.

Though the developer has taken a gas buffer into consideration before invoking the external contracts, the contract's gas estimation may not be entirely accurate and could result in unintentional contract operations.

Proof of Concept

https://github.com/reserve-protocol/protocol/blob/master/contracts/p1/AssetRegistry.sol#L221-L228

```solidity
function _reserveGas() private view returns (uint256) {
    uint256 gas = gasleft();
    // Call to quantity() restricts gas that is passed along to 63 / 64 of gasleft().
    // Therefore gasleft() must be greater than 64 * GAS_FOR_BH_QTY / 63
    // GAS_FOR_DISABLE_BASKET is a buffer which can be considerably lower without
    // security implications.
    require(gas > (64 * GAS_FOR_BH_QTY) / 63 + GAS_FOR_DISABLE_BASKET, "not enough gas to unregister safely");
    return GAS_FOR_BH_QTY;
}
```

In the above code, a gas amount is being reserved for interactions with basketHandler.quantity() and basketHandler.disableBasket() as per the formula ((64 * GAS_FOR_BH_QTY) / 63) + GAS_FOR_DISABLE_BASKET.

However, the exact gas cost of these interactions may not always match the estimated value, leading to a potential failure of transactions due to running out of gas.

Tools Used

Manual Review

Recommended Mitigation Steps

The gas requirements for the contract's execution may change with updates to the Ethereum network and if any underlying contracts are upgraded.

Therefore, it is not recommended to rely on hardcoded gas amounts within the contract.

If possible, shift gas estimation responsibilities to the transaction-originating client (users, backend services, etc.) that can estimate required gas based on the latest Ethereum network status.

Consider providing clear documentation to inform users about the estimated gas costs for contract interaction.

Assessed type

Invalid Validation
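Added example, not part of the original issue or of the Reserve code base: a Python model of the EIP-150 "all but one 64th" forwarding rule that the quoted code comment relies on, used to check what the `require` threshold in `_reserveGas()` guarantees. The two constant values are constructed samples rather than values read from the contract, and the model assumes the `CALL` opcode's own cost and any gas spent between `gasleft()` and the call are negligible.

```python
"""Model of the 63/64 gas-forwarding arithmetic behind the _reserveGas() check."""

# Constructed sample values for illustration; not read from AssetRegistry.sol.
SAMPLE_GAS_FOR_BH_QTY = 100_000
SAMPLE_GAS_FOR_DISABLE_BASKET = 900_000


def max_forwardable(gas_at_call: int) -> int:
    """EIP-150: the caller always keeps floor(gas / 64); the rest may be forwarded."""
    return gas_at_call - gas_at_call // 64


def forwarded(gas_at_call: int, requested: int) -> int:
    """Gas the callee receives when the caller passes an explicit gas amount."""
    return min(requested, max_forwardable(gas_at_call))


def reserve_gas_threshold(gas_for_qty: int, gas_for_disable: int) -> int:
    """Right-hand side of the require(), using Solidity-style integer division."""
    return (64 * gas_for_qty) // 63 + gas_for_disable


def passes_check(gas_left: int, gas_for_qty: int, gas_for_disable: int) -> bool:
    """Mirror of: require(gas > (64 * GAS_FOR_BH_QTY) / 63 + GAS_FOR_DISABLE_BASKET)."""
    return gas_left > reserve_gas_threshold(gas_for_qty, gas_for_disable)


def min_gas_for_full_stipend(requested: int) -> int:
    """Smallest gas-at-call for which the callee receives all of `requested`."""
    gas = requested
    while forwarded(gas, requested) < requested:  # max_forwardable never decreases
        gas += 1
    return gas


def left_if_callee_burns_all(gas_at_call: int, requested: int) -> int:
    """Gas the caller still holds if the callee consumes its whole stipend."""
    return gas_at_call - forwarded(gas_at_call, requested)


if __name__ == "__main__":
    qty, buf = SAMPLE_GAS_FOR_BH_QTY, SAMPLE_GAS_FOR_DISABLE_BASKET
    lowest_passing = reserve_gas_threshold(qty, buf) + 1
    print("minimum gas for a full stipend:", min_gas_for_full_stipend(qty))
    print("lowest gasleft() that passes  :", lowest_passing)
    print("callee receives               :", forwarded(lowest_passing, qty))
    print("caller keeps in the worst case:", left_if_callee_burns_all(lowest_passing, qty))
```

Under these assumptions, any `gasleft()` that passes the check forwards the full requested amount and still leaves the caller more than the buffer; what the arithmetic cannot show is whether the constants themselves are large enough for the callee's real cost.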