-
Notifications
You must be signed in to change notification settings - Fork 938
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
safeTxGas is not enforced #100
Comments
@fabiohild thanks for bringing that here so the whole community can bring feedback. As my report says there is indeed a clear benefit in fixing the bug since as you mentioned the parameter Now @tschubotz and the rest of your team, you decided to leave the bug as is, saying that this can be avoided by ensuring that the user sign a While as my report states, the bug can indeed be avoided on the interface side by ensuring that Then if I am correct you rejected the fix because you concluded it would be unreliable for 2 reasons :
While 1) is true, if the EVM do change on that front, this would not be worse that what you have to do now at the interface level to avoid the bug. As such this is to me not a convincing argument. Plus there is no indication that EVM will change in that regard. For 2) There is also an alternative solution that do not require any gas prediction and would continue to work even if gas pricing change as long as EIP-150 behaviour remains the same. It involves doing the check after the external call. Indeed, since EIP-150 leave Finally safe owner could be given a mechanism by which the value To conclude though, even if I believe the fixes I propose can solve the problem I also believe that such checks should be performed at the EVM level. In other words, the EVM should provide a mechanism that can ensure an external calls are given exactly the amount of gas specified and not just act as a maximum value as it does now. I thus wrote a proposal to fix this here : ethereum/EIPs#1930 This way there would be no need to compute Feel free to contribute to it and let's get this situation fixed once and for all. |
Commit 62d4bd3 (merged into the latest release) fixes this. Thanks folks! |
Reporting a bug recently found through a bug bounty in Solidified. We can say the overall consensus is that this is a bug, but opinions on risk vary greatly. The goal is to start a discussion around the topic, and hopefully arrive at a consensus on how to secure the now prevalent Meta TXs.
Description
The bug consists in the fact that the parameter safeTxGas, signed by the user, is not enforced by the smart contract, in some situations the gas provided to the safeTx can be lower than the one signed by the user.
Detailed explanation by user @wighawag : https://web.solidified.io/contract/5b4769b1e6c0d80014f3ea4e/bug/5c83d86ac2dd6600116381f9
EIP150, relevant for the discussion: http://eips.ethereum.org/EIPS/eip-150
Some of the possible impacts were already flagged by @wighawag, to sum up:
The discussion right now is orbiting between including this in the documentation or fix this and enforce the gas amount signed by the user. We tend to favor the fix side, and think that although this can be a design decision, the following are fair assumptions:
Other implementations
Most early implementations do not take gas into consideration. Gas amount is not signed nor enforced, but the external call is required to succeed in order for the payout to the relayer to be performed. In these implementations a fixed amount is refunded to the relayer, and he can opt not to submit Txs that revert or are not profitable.
EIP1077
EIP 1077 currently requires gasPrice and gasLimit to be signed, although it does not specify if they should be checked or enforced (https://github.com/ethereum/EIPs/blob/master/EIPS/eip-1077.md).
Status identityGasRelay implementation (that inspired EIP1077) is very similar to Gnosis Safe implmentation, gasPrice and gasLimit are signed, and the limit is checked during execution (first check in callGasRelayed). This implementation also allows for transactions being executed with slight less gas than the limit (can be a problem for Txs with tight gas). https://github.com/status-im/contracts/blob/73-economic-abstraction/contracts/identity/IdentityGasRelay.sol
Universal Logins also implements the standard, have both gasLimit and gasPrice signed by the user, but do not verify it at all. The relayer in this scenario can cause any exteral tx to fail and still get refunded by providing anough gas for executeSigned to execute but less than the external call needs.
https://github.com/UniversalLogin/UniversalLoginSDK/blob/master/universal-login-contracts/contracts/ERC1077.sol
EIP 1776
Proposing native meta TXs, created by the original bug submitter @wighawag. Current version requires both inclusion of gas parameters in the user signed payload and also the need to verify them and enforce them in execution. Seems to be the first time this concern was brought up.
ethereum/EIPs#1776
It's reference implementation does not implement external calls: https://github.com/pixowl/thesandbox-contracts/blob/master/src/Sand/erc20/ERC20MetaTxExtension.sol
Conclusion
As we can see implementations are fairly similar, after looking at all of them I tend to think that two approaches are valid:
I would basically report anything that allows the relayer to influence on the outcome of the transaction, other than not sending it at all.
The text was updated successfully, but these errors were encountered: