Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Executor and LiquidityPool.sol should use EIP-1559 transaction fee calculation mechanism and not the legacy mechanism #121

Closed
code423n4 opened this issue Mar 16, 2022 · 3 comments
Closed

Executor and LiquidityPool.sol should use EIP-1559 transaction fee calculation mechanism and not the legacy mechanism #121

code423n4 opened this issue Mar 16, 2022 · 3 comments
Labels
0 (Non-critical) Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation bug Something isn't working invalid This doesn't seem right sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")

Comments

@code423n4
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2022-03-biconomy/blob/main/contracts/hyphen/LiquidityPool.sol#L263-L340

Vulnerability details

Impact

LiquidityPool.sol uses legacy transaction fee calculation mechanism. At this moment there aren't yet any specific dates on how log legacy transactions will be supported however accordingly to Coinbase blog post EIP-1559 transactions have huge benefits: https://blog.coinbase.com/the-technical-benefits-of-eip-1559-c41bb85f5924
EIP-1559 transactions on average:

  • saved about 9% on effective gas prices
  • improved broadcast-to-confirmation time by 11 seconds, or 0.7 blocks

Proof of Concept

Documentation "https://ethereum.org/en/developers/docs/gas/" chapters describes how to calculate gas for legacy and EIP-1559 transactions:

Tools Used

Recommended Mitigation Steps

Use EIP-1559 / post London Upgrade transaction fee model:
@code423n4 code423n4 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Mar 16, 2022
code423n4 added a commit that referenced this issue Mar 16, 2022
@code423n4
PPrieditis issue #121
71bc2a6
@ankurdubey521
Copy link
Collaborator

For networks that support EIP1559, the gas calculations do take EIP1559 into account.

In the contract, you can see that the gasPrice deducted is calculated as
uint256 gasFee = totalGasUsed * tokenGasPrice;
tokenGasPrice is a parameter that is calculated in our backend and passed to the function as a part of the contract call.
In case of EIP1559, tokenGasPrice is calculated as
maxFeePerGas * priceOfNativeTokenInUSD / tokenPriceInUSD

But you're right that we should utilize tx.gasPrice instead of maxFeePerGas off-chain, as this would be much more accurate since it's not guaranteed that maxFeePerGas would be utilized completely.

This is great catch, and should decrease overall user gas costs.

@ankurdubey521 ankurdubey521 added the sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") label Mar 30, 2022
@ankurdubey521
Copy link
Collaborator

https://ethereum.stackexchange.com/questions/122090/what-does-tx-gasprice-represent-after-eip-1559
just leaving this here for internal future reference

@ankurdubey521 ankurdubey521 mentioned this issue Apr 28, 2022
Merged
@pauliax
Copy link
Collaborator

pauliax commented Apr 28, 2022

Good suggestion but I think this does not pose any serious issues so should belong to the QA report of the warden: #126

@pauliax pauliax closed this as completed Apr 28, 2022
@pauliax pauliax added invalid This doesn't seem right 0 (Non-critical) Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation and removed 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value labels Apr 28, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
0 (Non-critical) Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas optimisation bug Something isn't working invalid This doesn't seem right sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ankurdubey521 @pauliax @code423n4