The executeFromExecutor function in the Nexus contract allows executing transactions in single or batch modes as specified by the execution mode. There is a potential for denial of service (DoS) through the exhaustion of gas limits, particularly when executing complex or numerous transactions within a batch.
The executeFromExecutor function processes transactions from executor modules but does not enforce gas limits for these operations. This can lead to potential denial of service (DoS) attacks if an attacker submits transactions that consume excessive gas, exhausting the contract's gas supply.
An attacker could:
Submit transactions designed to consume excessive gas, causing legitimate transactions to fail.
Create a denial of service condition, disrupting the normal operations of the contract and affecting its users.
Manual review
Implement gas limit checks for transactions processed by executeFromExecutor to prevent excessive gas consumption.
Monitor gas usage and implement fallback mechanisms to handle scenarios where gas limits are exceeded.
Conduct regular gas profiling and optimization to ensure efficient gas usage across all contract functions.
Invalid, it is up to the user of the smart contract account to supply enough gas to execute transactions/operations.