NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

Use less or a fixed amount of gas when using staticcall in TokenUtil::_callBaseUri(address)

Summary

The protocol forwards the entirety of its available gas when calling _baseUri() or baseUri() via staticcall in TokenUtil::_callBaseUri(address).

Vulnerability Details

https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/ethereum/src/token/TokenUtil.sol#L155C1-L155C117

The contract forwards all of its available gas to the collection contract for the collection to use on its end. A collection whose implementation is gas-intensive, for example one that searches for a URI in a for loop, could consume all of the gas forwarded to it. This will fail/revert the transaction.

Impact is medium because only one NFT collection is affected, and likelihood is low; hence the overall LOW rating.

Impact

The protocol is bricked for collections whose _baseUri() or baseUri() functions use too much gas.

Tools Used

Manual review

Recommendations

Use a fixed amount of gas when calling _baseUri() or baseUri(): hardcode it as the first argument of staticcall instead of gas().

success := staticcall(20_000, ...
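The following is an added example, not the Ark project's TokenUtil code, showing the bounded-gas lookup the recommendation describes together with the gas-burning collection the Vulnerability Details section warns about. The library name BoundedBaseUri, the BASE_URI_GAS value (taken from the 20_000 in the recommendation), the probe contract and both mock collections are assumptions; only the getter names _baseUri() and baseUri() come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the Ark project's TokenUtil code. The library name,
// BASE_URI_GAS value and the mock collections are assumptions chosen to
// illustrate the finding and its recommendation.
library BoundedBaseUri {
    // Fixed gas stipend forwarded to the collection (assumed value, matching
    // the 20_000 in the recommendation). Size it for the most expensive getter
    // the bridge intends to support; a plain storage read needs far less.
    uint256 internal constant BASE_URI_GAS = 20_000;

    // Try _baseUri() first, then baseUri(), on `collection`.
    // Returns (true, uri) on the first well-formed answer and (false, "") when
    // the collection has neither getter, reverts, exhausts the capped gas, or
    // returns data too short to hold an ABI-encoded string. A malformed offset
    // inside otherwise long enough return data still makes abi.decode revert.
    function callBaseUri(address collection) internal view returns (bool, string memory) {
        bytes4[2] memory selectors = [
            bytes4(keccak256("_baseUri()")),
            bytes4(keccak256("baseUri()"))
        ];
        for (uint256 i = 0; i < selectors.length; i++) {
            (bool ok, bytes memory ret) = _boundedStaticcall(collection, selectors[i]);
            // An ABI-encoded string occupies at least 64 bytes (offset + length).
            if (ok && ret.length >= 64) {
                return (true, abi.decode(ret, (string)));
            }
        }
        return (false, "");
    }

    // High-level equivalent of `staticcall(20_000, ...)` in inline assembly:
    // only BASE_URI_GAS is forwarded, so a callee that burns everything it is
    // given cannot leave the caller without gas to finish its own work.
    function _boundedStaticcall(address target, bytes4 selector)
        private
        view
        returns (bool ok, bytes memory ret)
    {
        (ok, ret) = target.staticcall{gas: BASE_URI_GAS}(abi.encodeWithSelector(selector));
    }
}

// Constructed mock: a well-behaved collection with a cheap getter.
contract CheapCollection {
    function baseUri() external pure returns (string memory) {
        return "ipfs://constructed-example/";
    }
}

// Constructed mock: a collection whose getter loops until its gas is
// exhausted, the failure mode described in the finding.
contract GasBurningCollection {
    function baseUri() external pure returns (string memory) {
        uint256 acc;
        for (uint256 i = 0; i < type(uint256).max; i++) {
            acc = uint256(keccak256(abi.encode(acc, i)));
        }
        return string(abi.encodePacked(acc));
    }
}

// Minimal caller: with the cap in place, probing GasBurningCollection yields
// (false, "") instead of reverting the caller, while probing CheapCollection
// yields (true, "ipfs://constructed-example/").
contract BaseUriProbe {
    function probe(address collection) external view returns (bool found, string memory uri) {
        return BoundedBaseUri.callBaseUri(collection);
    }
}
```

Two caveats apply to any fixed stipend. First, a collection whose legitimate getter costs more than the cap is treated as having no base URI, so the bridge must handle the (false, "") result deliberately rather than assuming a URI is always available, and the value needs revisiting whenever opcode gas costs are repriced. Second, if the caller itself has less than the stipend left, EIP-150 forwards at most 63/64 of the remaining gas rather than reverting, so the cap is an upper bound, not a guarantee that the callee receives exactly 20_000.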

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational / Gas

Please do not suppose impacts; think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.
