Ensure TokenWithRefunds::complete_refund(...) is unlikely to revert #7796

Closed
benesjan opened this issue Aug 6, 2024 · 2 comments
Labels
A-security Area: Relates to security. Something is insecure.

Comments

@benesjan
Contributor

benesjan commented Aug 6, 2024

If the public teardown of a TokenWithRefunds reverted, this would result in a loss of notes for both the fee payer and the user. For this reason it should be attempted to make the complete_refund function very unlikely to revert.

Note that if this is not done the FPC might be attacked! --> An attacker could be submitting reverting txs while the FPC would be spending his fee juice and not getting the accepted asset.

@github-project-automation github-project-automation bot moved this to Todo in A3 Aug 6, 2024
@benesjan benesjan changed the title Ensure TokenWithRefunds::complete_refund is unlikely to revert Ensure TokenWithRefunds::complete_refund(...) is unlikely to revert Aug 6, 2024
@benesjan
Contributor Author

This is the line with the problematic revert.

The goal of this issue is to move that check to the private part of the function.

How we could tackle this: by enforcing during setup that the fee payer has enough funds to cover a "maximally complex tx"
--> do we have something like max gas limit to compute the gas fee of such a tx?
--> would this be acceptable or is it considered too expensive?

@benesjan benesjan added the A-security Area: Relates to security. Something is insecure. label Dec 11, 2024
@benesjan
Contributor Author

Replaced by #10805.

@github-project-automation github-project-automation bot moved this from Todo to Done in A3 Dec 17, 2024