SCWE-058: DoS with Block Gas Limit
Stable Version v1.0
This content is in version v1.0 and still under active development, so it is subject to change at any time (e.g. structure, IDs, content, URLs).
Relationships
- CWE-400: Uncontrolled Resource Consumption (https://cwe.mitre.org/data/definitions/400.html)
Description
Denial of Service (DoS) with block gas limit occurs when a contract is designed so that executing one of its functions requires an unbounded or very large amount of gas, potentially more than the block gas limit allows a single transaction to use. Such a transaction can never complete: it runs out of gas and reverts, which leaves the contract unavailable or unusable for that operation. Because the gas a loop needs typically grows with the size of the data it iterates over, an attacker can exploit this by creating transactions (or growing contract state) that consume excessive gas, effectively locking the contract or preventing normal operation.
Remediation
To mitigate this vulnerability, make gas-heavy operations efficient and take the block gas limit into account when designing contract logic: the cost of any single call should not grow without bound with user input or with the size of contract state. Avoid functions that require large amounts of gas to complete, and consider batching or chunking operations so that the gas usage is spread across multiple transactions.
Vulnerable Contract Example
```solidity
pragma solidity ^0.8.0;

contract GasLimitDoS {
    uint256[] public data;

    // The length of newData is not bounded, so the gas this call needs grows
    // linearly with the array. A large enough input exceeds the block gas
    // limit and the transaction can never succeed.
    function addData(uint256[] memory newData) public {
        for (uint256 i = 0; i < newData.length; i++) {
            data.push(newData[i]); // one storage write per element
        }
    }
}
```
Fixed Contract Example
```solidity
pragma solidity ^0.8.0;

contract GasLimitSafe {
    uint256[] public data;

    // Upper bound on the work a single call may do; callers with more
    // elements split them into several transactions.
    uint256 public constant MAX_BATCH = 100;

    function addData(uint256[] memory newData) public {
        require(newData.length <= MAX_BATCH, "Batch too large; split into smaller calls");
        for (uint256 i = 0; i < newData.length; i++) {
            data.push(newData[i]);
        }
    }
}
```
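The fixed contract caps the size of one call, but it does not show the other half of the remediation: chunking work over an existing, possibly very large, storage array across several transactions. The following contract is an added example written for this entry, not code from the SCWE project. It keeps a cursor (`nextIndex`) so that each `processChunk` call handles at most `MAX_PER_CALL` elements; the per-element work (`total += data[i]`), the chunk size and all names are assumptions chosen for illustration.

```solidity
pragma solidity ^0.8.0;

// Added example: bounded work per transaction over an unbounded storage array.
contract ChunkedProcessor {
    uint256[] public data;
    uint256 public total;      // stand-in for the real per-element result
    uint256 public nextIndex;  // cursor: first element not yet processed
    uint256 public constant MAX_PER_CALL = 50; // assumed chunk size

    event Processed(uint256 fromIndex, uint256 toIndex);

    // Same batch cap as the fixed example above.
    function addData(uint256[] calldata newData) external {
        require(newData.length <= MAX_PER_CALL, "Batch too large; split into smaller calls");
        for (uint256 i = 0; i < newData.length; i++) {
            data.push(newData[i]);
        }
    }

    // Processes at most MAX_PER_CALL elements and advances the cursor.
    // Anyone can call it repeatedly until remaining() returns 0. A huge array
    // only means more calls, never a single call that cannot fit in a block.
    function processChunk() external returns (uint256 handled) {
        uint256 start = nextIndex;
        uint256 end = start + MAX_PER_CALL;
        if (end > data.length) {
            end = data.length;
        }
        require(end > start, "Nothing left to process");

        for (uint256 i = start; i < end; i++) {
            total += data[i]; // bounded loop: at most MAX_PER_CALL iterations
        }

        nextIndex = end;
        emit Processed(start, end);
        return end - start;
    }

    // Number of elements still waiting for a processChunk call.
    function remaining() external view returns (uint256) {
        return data.length - nextIndex;
    }
}
```

The design point is that every state-changing function has a gas cost bounded by a constant, independent of how much data has accumulated. Compare this with a loop `for (i = 0; i < data.length; i++)` inside a single call: once enough elements have been pushed, that call exceeds the block gas limit for every caller and the function is permanently unusable.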