Closed sherlock-admin closed 1 year ago
5 comment(s) were left on this issue during the judging contest.
panprog commented:
invalid because GAS_BUFFER is like a bonus for keeper, not intended to cover remaining gas in the transaction
n33k commented:
invalid, ai generated groundless report
0xyPhilic commented:
invalid because it is a design choice
darkart commented:
Informational/Low while its a good recomendation it is working as intended and there is no vulnerability there
polarzero commented:
Invalid. Again, this is a valid concern, but it is not significant enough to be considered as a medium/high severity issue.
0xVinylDavyl
medium
The contract uses a constant gas buffer (
GAS_BUFFER
) set to 100,000, which may not be sufficient for complex operations, potentially leading to transaction failures or inconsistent states.Summary
The contract uses a constant gas buffer (
GAS_BUFFER
) set to 100,000, which may not be sufficient for complex operations, potentially leading to transaction failures or inconsistent states.Vulnerability Detail
The vulnerability lies in the assumption of a constant gas buffer (
GAS_BUFFER
). This approach may not account for varying gas requirements, especially when Ethereum's gas prices are high. Complex operations or unexpected conditions during execution may exceed the specified gas buffer.Impact
If the gas buffer is insufficient for certain transactions, they may fail to execute completely, resulting in wasted gas fees and leaving the contract in an inconsistent state. This could potentially impact the contract's functionality and security.
Code Snippet
of the vulnerable constant gas buffer in the code: https://github.com/sherlock-audit/2023-09-perennial/blob/main/perennial-v2/packages/perennial-extensions/contracts/MultiInvoker.sol#L20
Tool used
Manual Review
Recommendation
Mitigating the gas limitations and make gas estimation more flexible, consider using the
gasleft()
function to determine the required gas for transactions dynamically. This approach allows the contract to adapt to varying gas requirements and avoid running out of gas during complex or unexpected operations.Recommendation of how to use
gasleft()
for gas estimation:By using
gasleft()
, you can accurately estimate the required gas for transactions and ensure that the contract has enough gas to complete operations successfully. This approach provides greater flexibility and resilience to varying gas conditions on the Ethereum network.