Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add gas siphoning attack #208

Closed
maurelian opened this issue Aug 13, 2019 · 2 comments
Closed

Add gas siphoning attack #208

maurelian opened this issue Aug 13, 2019 · 2 comments

Comments

@maurelian
Copy link
Contributor

maurelian commented Aug 13, 2019
edited
Loading

Does this belong in the SWC?

https://medium.com/level-k/public-disclosure-malicious-gastoken-minting-236b2f8ace38

It's not something that can be mitigated within a contract, the issue affects exchanges who include a too high gas limit with an ETH transfer.
@maurelian
Copy link
Contributor Author

I see that this was started and stalled in #140.
It's not really a vuln at the contract layer, because it affects any situation in which a call is made to an arbitrary address.
The issue is with gas estimation in wallet code.

@maurelian
Copy link
Contributor Author

So, after chatting with @b-mueller, I think this is out of scope.

I guess as long as you can express an issue with a code sample it belongs into the SWC. if it's something that only relates to wallets then it doesn't

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@maurelian