Last updated: March 11, 2025
SCWE-058: DoS with Block Gas Limit
Stable Version v0.0.1
This content is at version v0.0.1 and still under active development, so it is subject to change at any time (e.g. structure, IDs, content, URLs, etc.).
Relationships
Description
Denial of Service (DoS) with block gas limit occurs when a contract is designed so that executing it requires a large amount of gas, potentially more than the block gas limit. When that happens the transaction fails, and the contract can become unavailable or unusable. Attackers can exploit this vulnerability by creating transactions that consume excessive gas, effectively locking the contract or preventing normal operation.
To mitigate this vulnerability, ensure that operations that depend on gas consumption are efficient and that gas limits are taken into account when designing contract logic. Avoid functions that require large amounts of gas to complete, and consider implementing features like batching or chunking operations to spread the gas usage across multiple transactions.
Vulnerable Contract Example
contract GasLimitDoS {
    uint256[] public data;

    function addData(uint256[] memory newData) public {
        for (uint256 i = 0; i < newData.length; i++) {
            data.push(newData[i]); // Can consume a large amount of gas if the array is large
        }
    }
}
Fixed Contract Example
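contract GasLimitSafe {
    uint256[] public data;

    function addData(uint256[] memory newData) public {
        uint256 batchSize = 100; // Limit the batch size to avoid excessive gas usage
        // Only the first batchSize elements are stored; anything beyond that is
        // ignored, so the caller must submit the remainder in later transactions.
        for (uint256 i = 0; i < newData.length && i < batchSize; i++) {
            data.push(newData[i]);
        }
    }
}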
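The chunking mitigation from the Description, as an added example that is not part of the original SCWE page: input batches over the cap are rejected rather than truncated, and work over the whole stored array is resumed from a cursor across several transactions. The contract name, `MAX_BATCH`, `cursor`, `maxSeen`, `processChunk` and the `pragma` version are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumed compiler version

// Added example: bounded writes plus resumable, chunked processing.
contract ChunkedProcessor {
    // Assumed cap; choose it from measured gas per iteration, not by guesswork.
    uint256 public constant MAX_BATCH = 100;

    uint256[] public data;
    uint256 public cursor;  // index of the next element still to be processed
    uint256 public maxSeen; // result accumulated so far (largest value processed)

    // Bounded write: an oversized batch reverts, so the caller learns that it
    // must split the input instead of losing the tail without notice.
    function addData(uint256[] calldata newData) external {
        require(newData.length <= MAX_BATCH, "batch too large");
        for (uint256 i = 0; i < newData.length; i++) {
            data.push(newData[i]);
        }
    }

    // Bounded read: each call handles at most maxItems elements and stores
    // its position, so gas per transaction is independent of data.length.
    function processChunk(uint256 maxItems) external returns (bool done) {
        require(maxItems > 0 && maxItems <= MAX_BATCH, "bad chunk size");

        uint256 end = cursor + maxItems;
        if (end > data.length) {
            end = data.length;
        }

        uint256 m = maxSeen; // work on a local copy, write storage once
        for (uint256 i = cursor; i < end; i++) {
            if (data[i] > m) {
                m = data[i];
            }
        }
        maxSeen = m;
        cursor = end;
        return end == data.length; // true once every element has been handled
    }
}
```

The per-chunk work is a comparison rather than a sum so that no stored value can make a chunk revert on arithmetic overflow and stall the cursor.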