DoS With Block Gas Limit Vulnerability

Deploying a smart contract or calling one of its functions always requires a specific amount of gas, determined by the computation needed to complete the action. The Ethereum Virtual Machine (EVM) sets a block gas limit, meaning the total gas of all transactions in a block cannot exceed this limit.

Programming patterns that are harmless in centralized applications can lead to Denial of Service (DoS) conditions in smart contracts when the cost of executing a function exceeds the block gas limit. For example, modifying an array with an unknown size that grows over time can lead to such DoS conditions.

When the Transaction Gas Limit Exceeds the Block Gas Limit

If the gas required for a transaction exceeds the block gas limit, that transaction will not be included in the block. Note that the transaction is never executed or processed; since it does not alter the state, the concept of a revert does not apply here. The transaction is simply not mined.

Denial of Service (DoS) Attack via Increased Gas Consumption in Infinite Loops

Each time a loop is executed in a smart contract, it consumes some amount of gas. The more iterations the loop has, the higher the gas cost for executing the function. If conditions arise where an attacker or even normal user activity increases the number of iterations of a loop significantly, it may lead to an excessive amount of gas being required to execute the function, surpassing the block gas limit.

If this happens, the transaction will fail due to exceeding the gas limit and will not execute, creating a Denial of Service (DoS) vulnerability. This causes the function to become non-executable because any attempt to execute it will always consume more gas than allowed within a block.

As a result, any contract functionality dependent on this function will fail. This condition can cause critical smart contract features to stop working, and potentially, funds or assets stored in the contract could be permanently locked because the contract can no longer execute the necessary operations to release them.

This risk is particularly concerning in contracts that allow anonymous users to influence the number of loop iterations. If an attacker can manipulate the input in a way that increases the number of loop executions excessively, they could cause certain contract functions to become disabled, ultimately disrupting the availability and functionality of the smart contract.

What Impact Does DoS With Block Gas Limit Have?

When a loop's gas consumption exceeds the gas limit, the transaction fails, which leads to a Denial of Service (DoS) vulnerability. The function becomes non-callable, because any attempt to execute it will always consume more gas than the limit allowed in a block.

What Actions Should Be Taken?

  1. If you expect to have large arrays that grow over time, be cautious: avoid operations that require traversing the entire data structure.

  2. If you must iterate over an array with an unknown size, plan for the operation to potentially require multiple blocks, and therefore multiple transactions.
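The two recommendations above, shown as an added Solidity example that is not code from the original page: an unbounded loop over a growing array next to a batched version that stores its progress and can span several transactions. The contract, its function names and the accounting-only `credit` mapping are hypothetical and chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example; contract and function names are hypothetical.
contract BatchedCredit {
    address public immutable owner;
    address[] public recipients;                // grows with each register()
    mapping(address => uint256) public credit;  // accounting only, no transfers
    uint256 public cursor;                      // next index to process
    uint256 public amountPerRecipient;
    bool public roundOpen;

    constructor() { owner = msg.sender; }

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    function register() external {
        require(!roundOpen, "round in progress"); // freeze length while batching
        recipients.push(msg.sender);
    }

    // Vulnerable pattern: gas grows linearly with recipients.length. Once the
    // loop needs more gas than a block allows, this call can never be mined.
    function creditAllUnbounded(uint256 amount) external onlyOwner {
        for (uint256 i = 0; i < recipients.length; i++) {
            credit[recipients[i]] += amount;
        }
    }

    function openRound(uint256 amount) external onlyOwner {
        require(!roundOpen, "round in progress");
        amountPerRecipient = amount;
        cursor = 0;
        roundOpen = true;
    }

    // Bounded pattern: the caller caps the work per transaction and the cursor
    // persists, so a round of any size completes over multiple transactions.
    function creditBatch(uint256 maxItems) external onlyOwner {
        require(roundOpen, "no open round");
        uint256 remaining = recipients.length - cursor;
        uint256 n = maxItems < remaining ? maxItems : remaining;
        uint256 end = cursor + n;
        for (uint256 i = cursor; i < end; i++) {
            credit[recipients[i]] += amountPerRecipient;
        }
        cursor = end;
        if (cursor == recipients.length) roundOpen = false;
    }
}
```

Anyone can still grow `recipients` between rounds, but that only increases the number of `creditBatch` calls needed; no single call's gas cost depends on the array's total length.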

Our Solution:


@2025 codeauditplus.com Your code, Fortified