Summary

Blast Network sends back all the gas fees used by a smart contract as an additional source of revenue. Tsender.huff did not configure the claimable mode to enable it claim gas fee refund.

Vulnerability Details

The contest page indicate that the Tsender.huff will be deployed to Blast Network and According to Blast docs:

Existing L2s like Optimism and Arbitrum keep sequencer fees for themselves. Blast redirects sequencer fees to the dapps that induced them, allowing smart contract developers to have an additional source of revenue.

Contracts have two options for their Gas Mode:

Void (DEFAULT): base + priority fees go to the sequencer operator
Claimable: base + priority fees spent on this contract can be claimed by the contract, net of L1 fees
Smart contracts must interact with the Blast contract located at 0x4300000000000000000000000000000000000002 to change their Gas Mode.

Below is an example of how to set the gas mode to CLAIMABLE

Consider configuring this gas mode so that the protocol can benefit from the gas refund. Even if the protocol don't need this gas refund from Blast, the protocol can reward their top users with the refunded ETH from transactions using the Tsender.huff.

Impact

Loss of gas ETh refund from Blast network

Tools Used

Manual review

Recommendations

Consider creating a different version of the Tsender.huff contract specifically for deployment to Blast network and configure the gas mode to CLAIMABLE as shown in the example here