This repository has been archived by the owner on Dec 22, 2024. It is now read-only.
KingNFT - Missing compensation for the 21,000 intrinsic gas cost
#142
Labels
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
Comments
|
The protocol team fixed this issue in the following PRs/commits: |
sherlock-admin3
added
Sponsor Confirmed
sherlock-admin2
changed the title
21,000 intrinsic gas cost21,000 intrinsic gas cost
|
The Lead Senior Watson signed off on the fix. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
KingNFT
Medium
Missing compensation for the
21,000intrinsic gas costSummary
Every EVM transaction (on both L1 and L2) has an immediate
21,000intrinsic gas cost, it's charged before any execution of smart contract code. The current impletmentation is missing to compensate this portion of gas cost, the keeper would suffer lost on each transaction.Reference: https://stackoverflow.com/questions/50827894/why-does-my-ethereum-transaction-cost-21000-more-gas-than-i-expect
Vulnerability Detail
The current
startGas(L67) can't account for the21,000intrinsic gas cost.Impact
The keeper will suffer continuing 21,000 intrinsic gas losses on each transaction
Code Snippet
https://github.com/sherlock-audit/2024-05-elfi-protocol/blob/8a1a01804a7de7f73a04d794bf6b8104528681ad/elfi-perp-contracts/contracts/facets/OrderFacet.sol#L67
Tool used
Manual Review
Recommendation
File: contracts\facets\OrderFacet.sol 66: function executeOrder(uint256 orderId, OracleProcess.OracleParam[] calldata oracles) external override { -67: uint256 startGas = gasleft(); +67: uint256 startGas = gasleft() + 30000; // @audit 21000 intrinsic gas plus 9000 extra gas for calldata and facet lookup in diamond fallback() functionThe text was updated successfully, but these errors were encountered: