Open hats-bug-reporter[bot] opened 5 months ago
There is no flaky behavior here. If you did everything correctly, the only way the call would fail on-chain is if someone sniped your `increaseBounty`.
It is simple to read storage: https://github.com/catalystdao/GeneralisedIncentives/blob/2448d77e412216283ed75d8c3cbaa1270657f7b5/src/IncentivizedMessageEscrow.sol#L87-L89
It is not like it is changing often.
By failing strict you can save gas by simulating the execution off-chain and only submitting when it goes through. This lets you save a transfer.
Github username: @ShaheenRehman
Twitter username: 0x_Shaheen
Submission hash (on-chain): 0xf722d4bc8c7aaa32eb8635214ecd23c2e5608ae267daebf33804d46a498d1a33
Severity: low
**Description**

The `GeneralisedIncentives.increaseBounty` has a check which makes sure users have sent the exact gas as the computed `sum`:

And this is how `sum` is computed:

As the `sum` is computed with the storage variables & input params multiplications and additions, it will be hard for users to input the same exact gas as the `sum` value. Users' Trxs will revert with `IncorrectValueProvided()` and they will lose gas (on Ethereum, it's quite costly even for a failed Trx).

**Impact**

Users will have a hard time increasing the bounty due to a too strict check.
**Code Link**

https://github.com/catalystdao/GeneralisedIncentives/blob/2448d77e412216283ed75d8c3cbaa1270657f7b5/src/IncentivizedMessageEscrow.sol#L130

**Proof of Concept**

The Protocol's written test of `increaseBounty` also showcases this: before sending a Trx, the user needs to do all the computation for the Trx to go through:
**Mitigation**

There are two mitigations:

`submitMessage` func:

Add a `view` function to calculate the `increaseBounty` gas:
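The pattern both sides of this thread describe, as an added example that is not the GeneralisedIncentives code and not the reporter's or maintainer's own snippet: an escrow that keeps the strict `msg.value` check (so a successful call never needs a refund transfer) and exposes a public `view` quote that a client calls, or simulates the whole `increaseBounty` with, before broadcasting. The contract name, the `Bounty` fields, the `price * gas budget` formula, the parameterised `IncorrectValueProvided(expected, provided)` error and the function names are all assumptions made for this illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// @notice Hypothetical escrow illustrating an exact-value check paired with a
/// public view quote. Not the GeneralisedIncentives contract: every field, name
/// and the sum formula below are assumptions for the example.
contract BountyEscrowExample {
    /// Carrying both values in the revert data lets a failed off-chain
    /// simulation report exactly what the contract wanted (assumed variant of
    /// the parameterless IncorrectValueProvided() named in the report).
    error IncorrectValueProvided(uint256 expected, uint256 provided);
    error UnknownMessage();

    struct Bounty {
        uint96 priceOfDeliveryGas; // wei per gas unit for the delivery leg (assumed)
        uint96 priceOfAckGas;      // wei per gas unit for the ack leg (assumed)
        uint48 maxGasDelivery;     // gas budget for the delivery leg (assumed)
        uint48 maxGasAck;          // gas budget for the ack leg (assumed)
    }

    mapping(bytes32 => Bounty) internal _bounty;

    /// Seeds a bounty; stands in for the escrow's submit path. Same strict rule:
    /// the caller funds exactly price * budget for each leg (assumed formula).
    function submitMessage(
        bytes32 messageIdentifier,
        uint96 priceOfDeliveryGas,
        uint96 priceOfAckGas,
        uint48 maxGasDelivery,
        uint48 maxGasAck
    ) external payable {
        uint256 sum = uint256(priceOfDeliveryGas) * maxGasDelivery
            + uint256(priceOfAckGas) * maxGasAck;
        if (msg.value != sum) revert IncorrectValueProvided(sum, msg.value);
        _bounty[messageIdentifier] = Bounty(priceOfDeliveryGas, priceOfAckGas, maxGasDelivery, maxGasAck);
    }

    /// The suggested mitigation: a view returning the exact value increaseBounty
    /// will demand. A client reads it with eth_call right before submitting, so
    /// the only way the real transaction still reverts is if the stored prices
    /// changed in between (someone else raised them first).
    function quoteIncreaseBounty(
        bytes32 messageIdentifier,
        uint96 newPriceOfDeliveryGas,
        uint96 newPriceOfAckGas
    ) public view returns (uint256 sum) {
        Bounty memory b = _bounty[messageIdentifier];
        if (b.maxGasDelivery == 0 && b.maxGasAck == 0) revert UnknownMessage();
        // Only the increase over the stored price has to be funded; a lower new
        // price costs nothing and leaves the stored price untouched.
        uint256 deliveryIncrease = newPriceOfDeliveryGas > b.priceOfDeliveryGas
            ? uint256(newPriceOfDeliveryGas - b.priceOfDeliveryGas)
            : 0;
        uint256 ackIncrease = newPriceOfAckGas > b.priceOfAckGas
            ? uint256(newPriceOfAckGas - b.priceOfAckGas)
            : 0;
        sum = deliveryIncrease * b.maxGasDelivery + ackIncrease * b.maxGasAck;
    }

    /// Strict check kept on purpose: an exact match means no refund transfer is
    /// needed and nothing is silently left in the contract. The on-chain path
    /// reuses the quote, so what the client simulated is what gets enforced.
    function increaseBounty(
        bytes32 messageIdentifier,
        uint96 newPriceOfDeliveryGas,
        uint96 newPriceOfAckGas
    ) external payable {
        uint256 sum = quoteIncreaseBounty(messageIdentifier, newPriceOfDeliveryGas, newPriceOfAckGas);
        if (msg.value != sum) revert IncorrectValueProvided(sum, msg.value);
        Bounty storage b = _bounty[messageIdentifier];
        if (newPriceOfDeliveryGas > b.priceOfDeliveryGas) b.priceOfDeliveryGas = newPriceOfDeliveryGas;
        if (newPriceOfAckGas > b.priceOfAckGas) b.priceOfAckGas = newPriceOfAckGas;
    }
}
```

The client-side workflow that goes with it is the one the maintainer describes: `eth_call` `quoteIncreaseBounty` (or `eth_estimateGas` on `increaseBounty` with `value` set to that quote) against the latest block, and only broadcast when the simulation succeeds. A revert in simulation costs nothing, whereas a revert on-chain burns the gas the report complains about; a revert that appears only between simulation and inclusion is the "sniped" case and is visible from the `expected` value carried in the error.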