First Flight #4: Boss Bridge

First Flight #4

Beginner FriendlyFoundryBridge

100 EXP

View results

Previous Next

Submission Details

Severity: high

Invalid

Gas Griefing attack on deployToken(), resulting in DoS or more.

azmaeengh

Summary

In the 'deployToken' function, the use of create without providing gas limits can expose the contract to a risk known as the "gas griefing" attack.
The deployToken function deploys a new ERC20 contract using the provided contractBytecode. If an attacker is able to send a transaction with just enough gas to execute the deployToken function but not enough for the creation of the new ERC20 contract, the function call will fail, and the contract deployment will not occur.

Vulnerability Details

Gas griefing occurs when an attacker deploys a contract with expensive constructor logic, causing the deployment transaction to run out of gas and fail. If the deployToken function is called with a large amount of gas, but the contract bytecode is not correctly formed, the function could consume all of the gas and revert the transaction.

Impact

This can be used to grief the deployer by consuming all the available gas and preventing them from deploying other contracts or performing other critical actions.

Tools Used

Manual review and AI.

Recommendations

To prevent these attacks, you could consider the following changes:

Validate the Contract Bytecode: Before deploying a new contract, you could validate the contract bytecode to ensure that it is correctly formed. This could help prevent gas griefing attacks.
Set a Maximum Gas Limit: To prevent DoS attacks, you could set a maximum gas limit for the deployToken function. This would ensure that even if an attacker tries to deploy a malformed contract, they would not be able to consume all of the gas.

Here's an example of how you could modify the deployToken function to include these mitigations:

function deployToken(string memory symbol, bytes memory contractBytecode) public onlyOwner returns (address addr) {

+ require(isValidBytecode(contractBytecode), "Invalid contract bytecode");

+ require(gasleft() > MAX_GAS_LIMIT, "Gas limit exceeded");

assembly {

addr := create(0, add(contractBytecode, 0x20), mload(contractBytecode))

}

s_tokenToAddress[symbol] = addr;

emit TokenDeployed(symbol, addr);

}

+ function isValidBytecode(bytes memory bytecode) private pure returns (bool) {

+ // TODO: Implement bytecode validation logic

+ return true;

+ }

In this modified version of the 'deployToken' function, the isValidBytecode function is used to validate the contract bytecode before deploying the contract. This function is currently a placeholder and would need to be implemented with the appropriate logic to validate the contract bytecode. The gasleft function is used to check the remaining gas before deploying the contract, and the MAX_GAS_LIMIT constant would need to be defined with an appropriate value to limit the gas usage of the deployToken function.

Updates

Lead Judging Commences

0xnevi Lead Judge

almost 2 years ago

0xnevi Lead Judge almost 2 years ago

Submission Judgement Published

Invalidated

Reason: Known issue

Rewards breakdown

nSLOC

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.