-
Notifications
You must be signed in to change notification settings - Fork 13
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Audit: too much gas for feeder calls #344
Comments
Isn't the gas_limit coherent with the one specified in the session? |
I'm not sure what you mean by "specified in the session". There is no session-bound gas limit. All gas limits are given with each call, this is the only exception. |
Sorry, I was too focus on the consumer side (
About this, is it ok to say that the only way to call a contract without the "host" controls is to call it with an ICC? Or are you thinking to a different and/or more generic use case? |
A contract calling a feeder call through an ICC will result in a panic, so we only need to worry about the host calling the contract. When third-party contracts become allowed, we can't trust that giving limitless funds to it is safe, so we should probably limit setting infinite gas to the genesis contracts (contracts we control). |
Summary
Currently a feeder call is performed with the maximum amount of gas possible. This is ok for contracts that the host controls, but may become a problem for contract it does not. If a contract is malicious it may simply loop forever, and never provide any data, and effectively allow the chain to be DOSed.
piecrust/piecrust/src/session.rs
Line 486 in a681491
Possible Solution (Optional)
Allow the caller to determine the gas with which the feeder call can be executed with.
The text was updated successfully, but these errors were encountered: