* Add details to requirement_simple bytecode locations
* Tweak location info for SWC-128
* misformatted bytecode offsets
* Update README.md Updating links and some minor textual changes.
* Slightly more descriptive error
* Print full error
* Clarify scope (#220)
* Kaden zipfel feature/gas griefing (#222)
* Insufficient gas griefing
* Add newlines
* Fix improper newlines
* Make changes to relayer contracts
* Add CWE reference
* Fix link
* Rename to SWC-126
* No target redeploy
* Fix compiler warnings
* Update SWC definition [ci skip]
Showing 14 changed files with 2,847 additions and 15 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
# Title | ||
Insufficient Gas Griefing | ||
|
||
## Relationships | ||
[CWE-691: Insufficient Control Flow Management](https://cwe.mitre.org/data/definitions/691.html) | ||
|
||
## Description | ||
Insufficient gas griefing attacks can be performed on contracts which accept data and use it in a sub-call on another contract. If the sub-call fails, either the whole transaction is reverted, or execution is continued. In the case of a relayer contract, the user who executes the transaction, the 'forwarder', can effectively censor transactions by using just enough gas to execute the transaction, but not enough for the sub-call to succeed. | ||
|
||
## Remediation | ||
There are two options to prevent insufficient gas griefing: | ||
|
||
- Only allow trusted users to relay transactions. | ||
- Require that the forwarder provides enough gas. | ||
|
||
## References | ||
- [Consensys Smart Contract Best Practices](https://consensys.github.io/smart-contract-best-practices/known_attacks/#insufficient-gas-griefing) | ||
- [What does griefing mean?](https://ethereum.stackexchange.com/questions/62829/what-does-griefing-mean) | ||
- [Griefing Attacks: Are they profitable for the attacker?](https://ethereum.stackexchange.com/questions/73261/griefing-attacks-are-they-profitable-for-the-attacker) |
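Review bot: In the Remediation section, the bullet "Require that the forwarder provides enough gas." names the goal but not the check, so a reader cannot tell how a relayer contract would enforce it. Suggest saying where the requirement is enforced (for example, the relayer contract verifying before the sub-call that the gas available covers an amount the user specified for it). The Description would also benefit from stating which of its two outcomes (whole transaction reverted, or execution continued) is the one that lets the forwarder censor a transaction, since that link is currently left implicit.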