Exploiting gas limit manipulation in staking incentive distribution on L2 about 2024-05-olas-findings HOT 10 OPEN

We cannot revert on the side of L2 since this has an immediate loss of data effect. That's why we do the call instead of a regular high level interface call. Hence, for us there is no difference if the verification function has failed due to the lack of gas or not.

Since cross-chain bridging interaction depends on off-chain computation for some networks, we have to accept that even without attacks there could be scenarios of wrongly supplied bridging parameters (if things are done outside of our SDK usage).

However, there is a processDataMaintenance() function that is DAO-governed and can re-initiate lost or incorrectly interrupted _processData() function calls. There is no 100% solution in such a sensitive cross-chain domain. Thus, the processDataMaintenance() works as a stable arbitrage solution.

from 2024-05-olas-findings.

kupermind (sponsor) disputed

from 2024-05-olas-findings.

Hey @kupermind
A few questions:

We cannot revert on the side of L2 since this has an immediate loss of data effect. That's why we do the call instead of a regular high level interface call. Hence, for us there is no difference if the verification function has failed due to the lack of gas or not.

1. In case it reverts due to out of gas error, can't you just save the data to be retried later?
2. In case that verifyInstanceAndGetEmissionsAmount() indeed requires that amount of gas, are you ok with a situation where (almost) every message is being DoS-ed like this and requires manual intervention?
3. I'm trying to assess how likely is verifyInstanceAndGetEmissionsAmount() to consume so much gas (more than 882K gas units), do you have any input regarding that?

from 2024-05-olas-findings.

1. Correct, and we can use DAO-controlled processDataMaintenance() function.
2. We don't expect this to happen just because of point 1. What is the point if your inflation is not going to be re-distributed between other parties anyway, and is under full control of the DAO if the delivery fails to re-deliver it.
3. For now it's 65k gas at most, and following recommendations in a couple of issues we'll add a check for two more variables, making it to the total of maximum of 100k gas for the verification function.

We have done tests such that there is no excessive gas spending on L1 side. This turned out to have at most 11 staking contracts sent from L1 to L2. This is a relatively small amount of contracts to perform checks on, and we always have enough gas on L2.

from 2024-05-olas-findings.

Got it, given that the likelihood of the function requiring so much gas and the impact not being very high, I'm marking this as low

from 2024-05-olas-findings.

0xA5DF changed the severity to QA (Quality Assurance)

from 2024-05-olas-findings.

+1 low from #50
+1 low from #67

from 2024-05-olas-findings.

0xA5DF marked the issue as grade-b

from 2024-05-olas-findings.

0xA5DF marked the issue as grade-a

from 2024-05-olas-findings.

For awarding purposes, C4 staff have marked as 3rd place.

from 2024-05-olas-findings.