M-1 Lack of Validation on _callbackGasLimit
Summary
_callbackGasLimit is directly added to estimatedGasLimit without any upper bound check.
Vulnerability Details
If
_callbackGasLimitis too large, it could result in excessively high gas usage and potential DoS (Denial of Service) attacks.
Impact
Attackers could inflate gas costs to prevent other users from executing transactions.
Tools Used
Manual review
Recommendations
Set an upper bound for
_callbackGasLimitwhere the treshhold is a reasonable limit based on expected execution gas.
Lead Judging Commences
Informational or Gas
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Suppositions
There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.