top of page

LOW - ANKR - User gets more gas than supposed to when distributing rewards

Target


Bug Description

The distributeRewards() which pays out rewards sends them via

(bool result, ) = wallet.call{value: toDistribute, gas: 10000}("");

Althought it is assumed the wallet receives 10,000 gas for use, in fact it receives 12,300, because in BSC calls with value passed are given 2300 free gas.


Impact

This has two impacts:

  1. increased gas cost for distributeRewards function per distribution (amounts to large amount of gas saved).

  2. greater risk of re-entrancy attack as user has larger gas bank to work with.

Risk Breakdown

Difficulty to Exploit: Easy


Recommendation

Pass gas amount = 7700 to account for 2300 free gas units.


References



 

Ankr said it is fine for them to spend 12,300 gas for each call. Note that the low gas is Ankr's defense against re-entrancy in this contract. The smallest approve() contract shellcode would cost around 15K so it is probably not exploitable even with 12,300. But still there is a lot of gas savings to be had to fix this issue.

Recent Posts

See All

Comentarios


bottom of page