Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added a entry and test case for the recently disclosed Level K gas to… #140

Closed
wants to merge 1 commit into from
Closed

Added a entry and test case for the recently disclosed Level K gas to… #140

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 18 additions & 0 deletions entries/SWC-Proposed.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
# Title
Gas Siphon Attack

## Relationships
[CWE-470: Use of Externally-Controlled Input to Select Classes or Code](https://cwe.mitre.org/data/definitions/470.html)

## Description
When an account calls an address that belongs to a contract the contract's code will execute and the caller's account will pay the gas for this computation. Programs which send transactions, such as geth, estimate the gas needed automatically and will include the gas for that arbitrary computation. Therefore if the sender of a transaction auto generates the transaction without validation they may end up paying for gas used in unintended computation. Alone this is a form of griefing, but combined with a gas token structure it allows attackers to steal gas.
Copy link
Contributor

@maurelian maurelian Dec 5, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this is a form of griefing; it doesn't prevent the intended computation from occurring.

The current gas fee schedule includes a refund of gas when data stored in contracts or contracts themselves are deleted from the blockchain. This incentives keeping data stored on chain to a minimum. A gas token stores random data or creates contracts and then allows them to be deleted when called. This in effect creates a token which can be redeemed for gas in periods of high prices or network congestion.
If when an victim sends a transaction which allows arbitrary computation and the attacker uses that computation to mint gas token, then the attacker has in effect stolen gas from the victim. This has the largest effect on centralized exchanges, but could affect any contract which allows arbitrary code execution.
## Remediation
Parties which will send transactions should estimate or measure the gas cost of a transaction which contains no malicious code execution then limit all transactions to that amount. For example when directly sending ether the gas should be limited to 21000.
Applications should favor pull over push payments, transfers, and calls. They should avoid allowing contract calls to external code which they don't control.

## References
* [Level K Medium Disclosure](https://medium.com/level-k/public-disclosure-malicious-gastoken-minting-236b2f8ace38)
* [Comprehensive Disclosure](https://drive.google.com/file/d/1mULop1LxHJJy_uzVBdc_xFItN9ck04Jj/view)
* [Gas Token Reference](https://gastoken.io/)
Loading