omni / token-bridge

Oracle service for TokenBridge. TB is an interoperability solution between Ethereum networks for native to ERC20 and ERC20 to ERC20 cross chain transfers

Attack to the gas price oracle could lead to drying out of a validator balance #132

Closed akolotov closed 5 years ago

akolotov commented 5 years ago

Currently the token bridge instances use the gas price oracle to get the gas price for transactions directed to the ETH Mainnet. If the oracle is hacked or the connection to the oracle is spoofed, the bridge instance could get any value in the response.

https://github.com/poanetwork/token-bridge/blob/7ccf71df5445f10c1f5f3cc23fe9cf5095939845/src/services/gasPrice.js#L34-L42

Since there is no check that the suggested gas price is within some limits, an attacker could use a huge value to dry out the validator's account balance or, vice versa, a very small value to block the transactions from being mined quickly.

Consider introducing a check after the following line: https://github.com/poanetwork/token-bridge/blob/7ccf71df5445f10c1f5f3cc23fe9cf5095939845/src/services/gasPrice.js#L37 and failing if the response is not within limits.

akolotov commented 5 years ago

Suggested limits are 200 gwei (upper bound) and 0.5 gwei (lower bound).

varasev commented 5 years ago

> Suggested limits are 200 gwei (upper bound) and 0.5 gwei (lower bound).

I think it's better to set the lower bound to 1 gwei (or even 2). ethgasstation.info says that this is the minimum at the moment.

akolotov commented 5 years ago

Agree. I went through all submitSignature calls made by the POA Bridge starting from block 5600000 (was it May 2018?) and found that the minimum gas price that was used is 1 gwei and the maximum is 143.1 gwei.

So, my suggestion is to set the upper bound to 250 gwei and the lower bound to 1 gwei. If the value received from the gas price oracle is outside these limits, use the limit as the returned value.

igorbarinov commented 5 years ago

I agree 1 Gwei is the minimum. What about 20 Gwei as the maximum if the oracle is not available?

akolotov commented 5 years ago

We need to differentiate two cases: the oracle is available but returns some value that is outside the limits, and the oracle is not available at all. The second option is already supported and the default value in this case is 18 gwei (I think, but can double-check in the deployed contracts). So, we agreed on the minimum for the first case. I suggest 250 gwei as the maximum since we observed bridge transactions in the past where the gas price was more than 100 gwei. What is your suggestion for the maximum, @igorbarinov?

igorbarinov commented 5 years ago

I see, let's have 1 .. 250 Gwei hard boundaries.

MyCrypto has 3000 GWei hard max https://twitter.com/blurpesec/status/1097913286589366272

akolotov commented 5 years ago

Changes merged to the master branch
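
The check agreed on in this thread, as an added example that is not the code merged into token-bridge: a value outside the 1 to 250 gwei limits is replaced by the nearest limit, while a missing or malformed value takes the separate oracle-unavailable path. The response shape (gwei amounts keyed by speed type), the function names and the 18 gwei default (mentioned above as unverified) are assumptions.

```javascript
// Added example, not token-bridge code: bound a gas price read from an oracle.
// Limits are the ones agreed in the thread; the response shape is an assumption.
const GWEI = 1000000000n
const MIN_GAS_PRICE_WEI = 1n * GWEI // hard lower bound: 1 gwei
const MAX_GAS_PRICE_WEI = 250n * GWEI // hard upper bound: 250 gwei
const FALLBACK_GAS_PRICE_WEI = 18n * GWEI // assumed default when the oracle is unusable

// Convert a gwei amount (number or numeric string) to wei as a BigInt.
// Returns null for anything that is not a finite, positive number.
function gweiToWei(value) {
  const gwei = typeof value === 'string' ? Number(value.trim()) : value
  if (typeof gwei !== 'number' || !Number.isFinite(gwei) || gwei <= 0) return null
  return BigInt(Math.round(gwei * 1e9))
}

// Pick the price for `speedType` out of a parsed oracle response and bound it.
// `source` records which path was taken so the caller can log or alert on it.
function boundedGasPrice(oracleJson, speedType) {
  const raw = oracleJson && typeof oracleJson === 'object' ? oracleJson[speedType] : undefined
  const wei = gweiToWei(raw)
  if (wei === null) {
    // Missing or malformed value: treated like an unavailable oracle.
    return { wei: FALLBACK_GAS_PRICE_WEI, source: 'fallback' }
  }
  if (wei > MAX_GAS_PRICE_WEI) return { wei: MAX_GAS_PRICE_WEI, source: 'clamped-max' }
  if (wei < MIN_GAS_PRICE_WEI) return { wei: MIN_GAS_PRICE_WEI, source: 'clamped-min' }
  return { wei, source: 'oracle' }
}

// Constructed sample responses (not captured from a real oracle).
const samples = [
  { fast: 21.5 }, // ordinary value, passed through
  { fast: 5000000 }, // spoofed high value, capped at 250 gwei
  { fast: 0.01 }, // spoofed low value, raised to 1 gwei
  { standard: 10 } // requested speed type missing, fallback used
]
for (const sample of samples) {
  const { wei, source } = boundedGasPrice(sample, 'fast')
  console.log(JSON.stringify(sample), '->', wei.toString(), 'wei', `(${source})`)
}
```

Logging every result whose `source` is not `oracle` gives operators a signal that the oracle or the connection to it is misbehaving.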