Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Added a entry and test case for the recently disclosed Level K gas to… #140

Closed
wants to merge 1 commit into from

Conversation

aleph-v
Copy link
Contributor

@aleph-v aleph-v commented Nov 26, 2018

…ken minting attack.
Note: After review, changes, and approval SWC-Proposed must be replaced in the files with the SWC identified number which is available when the merge occurs.

@ghost ghost assigned aleph-v Nov 26, 2018
@ghost ghost added the in progress label Nov 26, 2018
@aleph-v aleph-v requested a review from thec00n November 26, 2018 16:58
[CWE-470: Use of Externally-Controlled Input to Select Classes or Code](https://cwe.mitre.org/data/definitions/470.html)

## Description
When an account calls an address that belongs to a contract the contract's code will execute and the caller's account will pay the gas for this computation. Programs which send transactions, such as geth, estimate the gas needed automatically and will include the gas for that arbitrary computation. Therefore if the sender of a transaction auto generates the transaction without validation they may end up paying for gas used in unintended computation. Alone this is a form of griefing, but combined with a gas token structure it allows attackers to steal gas.
Copy link
Contributor

@maurelian maurelian Dec 5, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this is a form of griefing; it doesn't prevent the intended computation from occurring.

This was referenced Dec 5, 2019
@maurelian
Copy link
Contributor

If this PR #220 is merged, we should close this.

Thanks for all the work that went into this PR @pvienhage. Unfortunately it seems to have been neglected.

@aleph-v aleph-v closed this Dec 9, 2019
@maurelian maurelian deleted the Gas-Siphon-Proposed-Case branch March 25, 2020 11:53
# for free to join this conversation on GitHub. Already have an account? # to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants