Block numbering scheme vulnerable

[4000D]

f2075b8ea911a74f2b163f3d28cbcb898a3feab3 splits a simple block numbering scheme with respect to deposit block (by user) and submit block (by operator).

I think it assumes that at most 1000 deposits happen before operator submit new block. But an attacker can break numbering scheme using below contract to generate numerous deposits.

contract A {
  function attack(address rootchain, uint n) public payable {
    for(uint i = 0; i < n; i++) {
      RootChain(rootchain).deposit.value(msg.value / n)();
    }
  }
}

If a single deposit require X gas, 1000X gas require to make DoS attack feasible.

Because X is less than 0.1M and recent block gas limit is almost 8M, attack is feasible if he takes about 1000X / 8M (< 100M / 8M = 12.5) blocks only containing attacker's TX.

Actually, X is quite less than 0.1M according to #65.

[smartcontracts]

Yep, this is definitely a concern. Luckily, it can be easily mitigated by adding an extra zero (or two) to the number of allowed deposits. I think if we find that 1,000 is too easy to attack, we should probably move to 10,000 or 100,000. For MVP it's probably fine? Not sure.

[smartcontracts]

Closing for now. Something we should be aware of but not necessarily breaking.