Skip to content
This repository has been archived by the owner on Apr 4, 2024. It is now read-only.

Commit

Permalink
fix: set an upper bound to gasWanted to prevent DoS attack (#991)
Browse files Browse the repository at this point in the history
Closes: #989

Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com>
  • Loading branch information
yihuang and fedekunze authored Mar 16, 2022
1 parent 889ff2b commit edf4569
Show file tree
Hide file tree
Showing 3 changed files with 15 additions and 3 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ Ref: https://keepachangelog.com/en/1.0.0/
### Bug Fixes

* (rpc) [tharsis#990](https://github.com/tharsis/ethermint/pull/990) Calculate reward values from all `MsgEthereumTx` from a block in `eth_feeHistory`.
* (ante) [tharsis#991](https://github.com/tharsis/ethermint/pull/991) Set an upper bound to gasWanted to prevent DoS attack.

## [v0.11.0] - 2022-03-06

Expand Down
15 changes: 13 additions & 2 deletions app/ante/eth.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@ import (
ethtypes "github.com/ethereum/go-ethereum/core/types"
)

const MaxTxGasWanted uint64 = 500000

// EthSigVerificationDecorator validates an ethereum signatures
type EthSigVerificationDecorator struct {
evmKeeper EVMKeeper
Expand Down Expand Up @@ -171,7 +173,6 @@ func (egcd EthGasConsumeDecorator) AnteHandle(ctx sdk.Context, tx sdk.Tx, simula
london := ethCfg.IsLondon(blockHeight)
evmDenom := params.EvmDenom
gasWanted := uint64(0)

var events sdk.Events

for _, msg := range tx.GetMsgs() {
Expand All @@ -184,7 +185,17 @@ func (egcd EthGasConsumeDecorator) AnteHandle(ctx sdk.Context, tx sdk.Tx, simula
if err != nil {
return ctx, sdkerrors.Wrap(err, "failed to unpack tx data")
}
gasWanted += txData.GetGas()

if ctx.IsCheckTx() {
// We can't trust the tx gas limit, because we'll refund the unused gas.
if txData.GetGas() > MaxTxGasWanted {
gasWanted += MaxTxGasWanted
} else {
gasWanted += txData.GetGas()
}
} else {
gasWanted += txData.GetGas()
}

fees, err := egcd.evmKeeper.DeductTxCostsFromUserBalance(
ctx,
Expand Down
2 changes: 1 addition & 1 deletion app/ante/eth_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -268,7 +268,7 @@ func (suite AnteTestSuite) TestEthGasConsumeDecorator() {
{
"success",
tx2,
tx2GasLimit,
ante.MaxTxGasWanted, // it's capped
func() {
vmdb.AddBalance(addr, big.NewInt(1000000))

Expand Down

0 comments on commit edf4569

Please sign in to comment.