hats-finance / Most--Aleph-Zero-Bridge-0xab7c1d45ae21e7133574746b2985c58e0ae2e61d

Aleph Zero bridge to Ethereum
Apache License 2.0
0 stars 1 forks source link

Hardcoded gas limit is wrong, resulting any ether transfer will be reverted #19

Open hats-bug-reporter[bot] opened 7 months ago

hats-bug-reporter[bot] commented 7 months ago

Github username: -- Twitter username: -- Submission hash (on-chain): 0x3a350bc753b7578e448473b17e71d88f3bada5748e65d2e5b8675be8cd499968 Severity: medium

Description: Impact

Native token will be locked inside contract due to hardcoded gas limit will revert the ether transfer

Description

The current gas limit on MOST is hardcoded with 3500, which is too low and not enough for ether transfer.

According to this article, a standard ETH transfer requires a gas limit of 21,000 units of gas.

This will make ether transfer will fail.

File: Most.sol
23:     /// @dev This amount of gas should be sufficient for ether transfers
24:     /// and simple fallback function execution, yet still protecting against reentrancy attack.
25:     uint256 constant GAS_LIMIT = 3500;

Recommendation

Consider to increase the gas limit to higher one like,

krzysztofziobro commented 7 months ago

Invalid submission: A PoC is required for submission to be considered valid. You can create a new submission that contains a working PoC.