Gas limit attack in the function _initiateETHDeposit()
Summary
Gas limit attacks are a well-known vulnerability in Ethereum smart contracts. These attacks involve an attacker setting an unreasonably high gas limit for a transaction, causing the transaction to fail due to running out of gas. This can be used to disrupt the normal operation of a contract or to cause financial harm to its users.
Vulnerability Detail
Consider the function below, which initiates an ETH deposit and informs the L2 gateway about the deposit.
In the function above, the _l2Gas parameter is used to set the gas limit for the L2 transaction, but there is no validation to ensure that this value is reasonable. An attacker can specify an unreasonably high gas limit, causing the L1 transaction to run out of gas and revert. However, the function itself is not vulnerable, as it is an internal function; but since it is called by external functions such as depositETHTo, depositETH and receive(), an attacker could specify a high gas price, causing the transaction to revert.
Impact
The impact of this vulnerability can be severe. An attacker can perform a denial-of-service (DoS) attack by consuming all the gas of the executing transaction, preventing other callers from executing the function.
Recommendation
To prevent gas limit attacks, the gas limit should be carefully chosen based on the expected gas cost of the L2 transaction and the current gas price. The gas limit can be estimated using tools like Gas Station Network or gas-price oracles. We can add a simple check to ensure that the gas limit is not unreasonably high, as in the example below:
uint256 gasLimit = block.gaslimit - gasleft() - 100000; // Set maximum gas limit
require(_l2Gas <= gasLimit, "Gas limit too high"); // Check if provided gas limit is reasonable
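The same kind of check with a fixed ceiling, enforced inside _initiateETHDeposit() so that every external entry point is covered by one validation. This is an added example, not code from the report or from the audited project; the contract name, function signatures, constant values, error and event are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added illustration only, not the audited bridge. Everything except the
/// names _initiateETHDeposit and _l2Gas is an assumption made for the sketch.
contract BoundedDepositSketch {
    uint32 public constant MAX_L2_GAS = 2_000_000;   // assumed ceiling
    uint32 public constant DEFAULT_L2_GAS = 200_000; // assumed value for plain transfers

    error L2GasTooHigh(uint32 provided, uint32 max);

    event ETHDepositInitiated(
        address indexed from,
        address indexed to,
        uint256 amount,
        uint32 l2Gas,
        bytes data
    );

    // A plain ETH transfer carries no gas argument, so a fixed default
    // below the ceiling is passed on the sender's behalf.
    receive() external payable {
        _initiateETHDeposit(msg.sender, msg.sender, DEFAULT_L2_GAS, bytes(""));
    }

    function depositETH(uint32 _l2Gas, bytes calldata _data) external payable {
        _initiateETHDeposit(msg.sender, msg.sender, _l2Gas, _data);
    }

    function depositETHTo(address _to, uint32 _l2Gas, bytes calldata _data) external payable {
        _initiateETHDeposit(msg.sender, _to, _l2Gas, _data);
    }

    // Single chokepoint: all three external entry points funnel through
    // here, so the caller-supplied value is validated exactly once.
    function _initiateETHDeposit(
        address _from,
        address _to,
        uint32 _l2Gas,
        bytes memory _data
    ) internal {
        if (_l2Gas > MAX_L2_GAS) revert L2GasTooHigh(_l2Gas, MAX_L2_GAS);
        // A real bridge would forward the deposit message to the L2 gateway
        // here; the sketch only records the validated request.
        emit ETHDepositInitiated(_from, _to, msg.value, _l2Gas, _data);
    }
}
```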
MaanVader
medium
Code Snippet
The function is used and called externally by other functions:
Tool used