Last updated: March 11, 2025
SCWE-059: Insufficient Gas Griefing
Stable Version v0.0.1
This content is in version v0.0.1 and still under active development, so it is subject to change at any time (e.g. structure, IDs, content, URLs, etc.).
Relationships
Description
Insufficient gas griefing occurs when an attacker intentionally sends a transaction with too little gas in order to force the contract to fail. This can lead to resource consumption issues and potential denial of service for the contract or its other users. A contract that relies on external calls or interacts with other contracts without properly handling gas estimation may be vulnerable to such attacks.
To mitigate this vulnerability, handle gas estimation and set proper gas limits when performing contract calls, especially when interacting with other contracts. Additionally, handle failures gracefully, for example with revert messages and checks for sufficient gas before initiating important operations.
Vulnerable Contract Example
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract GasGriefing {
    address public owner;

    constructor() {
        owner = msg.sender;
    }

    function transferFunds(address payable recipient, uint256 amount) public {
        require(msg.sender == owner, "Not the owner");
        recipient.transfer(amount); // Potential for griefing with insufficient gas
    }
}
Fixed Contract Example
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract GasGriefingSafe {
    address public owner;

    constructor() {
        owner = msg.sender;
    }

    function transferFunds(address payable recipient, uint256 amount) public {
        require(msg.sender == owner, "Not the owner");
        // send() returns false on failure instead of reverting,
        // so the result is checked explicitly below
        bool success = recipient.send(amount);
        require(success, "Transfer failed due to insufficient gas");
    }
}
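The description also recommends checking for sufficient gas before initiating important operations. The contract below is an added example, not part of the SCWE entry, showing one way to do that with `gasleft()` before an external call that forwards an explicit gas amount. The contract name, the event, and the `GAS_FOR_CALL` and `GAS_RESERVE` values are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not from the SCWE entry. The two gas constants are
// assumed values; measure the real costs of your own call path.
contract GasCheckedTransfer {
    address public owner;

    // Gas forwarded to the recipient (assumption).
    uint256 public constant GAS_FOR_CALL = 50_000;
    // Allowance for the CALL's own cost and the work after it (assumption).
    uint256 public constant GAS_RESERVE = 40_000;

    event TransferSucceeded(address indexed recipient, uint256 amount);

    constructor() payable {
        owner = msg.sender;
    }

    // Lets the contract be funded after deployment.
    receive() external payable {}

    function transferFunds(address payable recipient, uint256 amount) public {
        require(msg.sender == owner, "Not the owner");
        require(address(this).balance >= amount, "Insufficient balance");

        // EIP-150 forwards at most 63/64 of the remaining gas to a call.
        // Require enough headroom that GAS_FOR_CALL can really be forwarded,
        // so an under-funded transaction fails here with a clear reason
        // rather than inside the external call.
        require(
            gasleft() >= (GAS_FOR_CALL * 64) / 63 + GAS_RESERVE,
            "Insufficient gas supplied"
        );

        // Forward an explicit gas amount and check the returned status.
        (bool success, ) = recipient.call{value: amount, gas: GAS_FOR_CALL}("");
        require(success, "Transfer failed");

        emit TransferSucceeded(recipient, amount);
    }
}
```

Because `call` forwards more than the 2300-gas stipend used by `transfer` and `send`, any state updates added to this function belong before the external call.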