Precompile Execution Without Sufficient Gas In Kakarot

[howlbot-integration]

Lines of code

https://github.com/kkrt-labs/kakarot/blob/7411a5520e8a00be6f5243a50c160e66ad285563/src/kakarot/interpreter.cairo#L79-L100

Vulnerability details

Impact

Precompiles in Kakarot can execute computationally expensive operations before verifying sufficient gas is available, leading to:

• Free computation at the expense of the Starknet paymaster who covers Cairo step costs
• Deviation from Ethereum's behavior where precompiles require upfront gas checks

The issue exists because while EVM gas would be charged preventing true "free" execution, the underlying Starknet Cairo program steps are executed during the precompile computation before the gas check. These computational costs are covered by the paymaster, not the EVM transaction sender.

Proof of Concept

Executing precompiles before verifying gas in Kakarot's:

	let (output_len, output, gas_used, revert_code) = Precompiles.exec_precompile(
		evm.message.code_address.evm,
		evm.message.calldata_len,
		evm.message.calldata,
		caller_code_address,
		caller_address,
	);

	let precompile_reverted = is_not_zero(revert_code);
	if (precompile_reverted != FALSE) {
		// No need to charge gas as precompiles can only trigger EXCEPTIONAL_REVERT
		// which will consume the entire gas of the context.
		let evm = EVM.stop(evm, output_len, output, revert_code);
		tempvar range_check_ptr = range_check_ptr;
		tempvar evm = evm;
	} else {
		// Charge gas before stopping
		let evm = EVM.charge_gas(evm, gas_used);
		let evm = EVM.stop(evm, output_len, output, evm.reverted);
		tempvar range_check_ptr = range_check_ptr;
		tempvar evm = evm;
	}

Interpreter.cairo:L79

By contrast, Geth performs gas validation before execution in:

func RunPrecompiledContract(p PrecompiledContract, input []byte, suppliedGas uint64, logger *tracing.Hooks) (ret []byte, remainingGas uint64, err error) {
	gasCost := p.RequiredGas(input)
	if suppliedGas < gasCost {
		return nil, 0, ErrOutOfGas
	}
	if logger != nil && logger.OnGasChange != nil {
		logger.OnGasChange(suppliedGas, suppliedGas-gasCost, tracing.GasChangeCallPrecompiledContract)
	}
	suppliedGas -= gasCost
	output, err := p.Run(input)
	return output, suppliedGas, err
}

core/vm/contracts.go:L223

Flow:

sequenceDiagram
    actor Attacker
    participant Kakarot
    participant Precompile
    participant Starknet

    
    rect rgb(0,0,0)
    Note over Attacker,Starknet: Kakarot Implementation (Vulnerable)
        Attacker->>Kakarot: Call precompile with insufficient gas
        activate Kakarot
        Kakarot->>Precompile: Execute computation
        activate Precompile
        Note right of Precompile: Cairo steps executed!
        Precompile-->>Kakarot: Return result
        deactivate Precompile
        Kakarot->>Kakarot: Check gas (Too late!)
        Note right of Kakarot: Transaction reverts but<br/>computation already done
        Kakarot-->>Attacker: Revert
        deactivate Kakarot
    end

Loading

Key differences:

• Geth validates gas availability before any precompile execution, preventing any computation without sufficient gas
• Kakarot executes first, checks gas later
• In Kakarot, Cairo computation costs are already incurred when gas check fails

Tools Used

Manual Review

Recommended Mitigation Steps

Add upfront gas validation before precompile execution by implementing a check_precompile_gas function that validates available gas. Only proceed with execution if sufficient gas exists, otherwise revert immediately with an out-of-gas error.

Assessed type

Other

[ClementWalter]

Severity: Invalid

Comment: Kakarot paymaster can decide to not relay the tx.

[c4-judge]

dmvt marked the issue as unsatisfactory:
Invalid

[koolexcrypto]

Hi @dmvt,

Kakarot's implementation violates fundamental EVM gas accounting rules as defined in the Yellow Paper:

1. Explicit Precompile Gas Ordering
   From equation (209) in Appendix E, precompile execution is strictly defined:

ΞPRE(σ, g, A, I) ≡ {
    (∅, 0, A, ()) if g < gr
    (σ, g - gr, A, o) otherwise
}

This specification has two critical requirements:

• If insufficient gas (g < gr), execution must immediately return with empty output () indicating no computation
• If sufficient gas, gas must be deducted (g - gr) BEFORE any execution that produces output o

The current implementation violates both by executing first and attempting to charge gas after computation.

2. Gas as Prerequisite for Computation
   Section 5 of the Yellow Paper establishes gas as a fundamental prerequisite:

"In order to avoid issues of network abuse and to sidestep the inevitable questions stemming from Turing completeness, all programmable computation in Ethereum is subject to fees."

The phrase "subject to fees" means gas checks and deductions must precede computation, not follow it.

Kakarot execute precompiles before gas checks and deduction which represents a clear violation of the EVM specification.

The only compliant implementation is to:

1. Validate gas sufficiency
2. Deduct required gas amount
3. Only then proceed with precompile computation

This matches both the letter and intent of the Yellow Paper's specification.

I appreciate you having a second look at this 🙏.

[c4-judge]

dmvt removed the grade

[c4-judge]

dmvt changed the severity to QA (Quality Assurance)

[dmvt]

Point well taken. Adjusted to QA / low risk.

[c4-judge]

dmvt marked the issue as grade-b

[ClementWalter]

ok for QA