overflow427x – Potential denial-of-service attack in initialize()
overflow427x
medium
Summary
initialize() accepts a ResourceMetering.ResourceConfig parameter without validating it.
Vulnerability Detail
The initialize() accepts aResourceMetering.ResourceConfig parameter, but does not perform any validation of the values. An attacker could pass in a value that causes the contract to run out of gas, resulting in a denial-of-service attack.
Impact
Contract running out of gas resulting in DoS attack.
overflow427x
medium
overflow427x – Potential denial-of-service attack in initialize()
overflow427x
medium
Summary
initialize()accepts a ResourceMetering.ResourceConfig parameter without validating it.Vulnerability Detail
The
initialize()accepts aResourceMetering.ResourceConfigparameter, but does not perform any validation of the values. An attacker could pass in a value that causes the contract to run out of gas, resulting in a denial-of-service attack.Impact
Contract running out of gas resulting in DoS attack.
Code Snippet
https://github.com/ethereum-optimism/optimism/blob/9b9f78c6613c6ee53b93ca43c71bb74479f4b975/packages/contracts-bedrock/contracts/L1/SystemConfig.sol#L132-L139.
Tool used
Manual Review
Recommendation
Add a func that validates the values of
ResourceMetering.ResourceConfigparameters.