
Gas Token Griefing

Open nostdm opened this issue 6 years ago • 2 comments

Since Token Group Ltd. pays for the gas costs associated with executing meta-transactions, a malicious owner can convert Token Group Ltd.’s gas subsidy into a store of value by using a gas token or some other kind of gas-storage contract. For example, if the executeRelayedTransaction() function calls executeTransaction() which then donates gas to a gas token, the owner can pocket the economic value of the gas tokens created. Note that the whitelisting and spending-limit rules in executeTransaction() are insufficient to mitigate a gas token attack, as no tokens or Ether need to be transferred in order for the gas token contract to "store" gas. Unfortunately, there isn’t an easy mitigation for this issue as long as the Wallet contract supports calls to arbitrary external contracts and meta-transactions are paid for by a third party.

nostdm, Nov 25 '19 12:11

We think that the gas token is neither here nor there, as we were aware of the issue. The key thing to remember here is that we won't be relaying arbitrary smart contract calls for the user. We will be generating the meta-transactions and we will have to make sure that we don’t generate meta-transactions for gas tokens.

Furthermore, we will only ever relay transactions created by our app.

mischat, Nov 27 '19 16:11

This is still relevant - it should be considered when we implement the gas-less approach. Users could potentially mint GasTokens from our gas if we are the ones paying the transaction fee. @jeffreybolle

nostdm, May 06 '20 15:05
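
The mitigation discussed in this thread (relay only app-generated meta-transactions and never calls to gas-storage contracts) can be enforced at the relayer with a default-deny check run before it pays for a transaction. This is an added example, not code from this repository; the request shape `{ destination, data, gasLimit }`, the placeholder token address and the gas ceilings are all assumptions.

```javascript
// Constructed policy: the address and gas ceilings are sample values for
// illustration, not taken from the project.
const TOKEN = "0x" + "11".repeat(20); // placeholder ERC-20 contract address
const RELAY_POLICY = new Map([
  [TOKEN, new Map([
    ["0xa9059cbb", 100000], // ERC-20 transfer(address,uint256)
    ["0x095ea7b3", 80000],  // ERC-20 approve(address,uint256)
  ])],
]);

const HEX_ADDRESS = /^0x[0-9a-f]{40}$/;
const HEX_DATA = /^0x([0-9a-f]{2})*$/;

function deny(reason) {
  return { ok: false, reason };
}

// Decide whether the relayer should subsidise the inner call of a
// meta-transaction. `req` is a hypothetical shape, not the wallet's ABI.
function checkRelayRequest(req, policy = RELAY_POLICY) {
  const destination = String(req.destination).toLowerCase();
  const data = String(req.data).toLowerCase();
  if (!HEX_ADDRESS.test(destination)) return deny("malformed destination");
  if (!HEX_DATA.test(data)) return deny("malformed calldata");

  // Default deny: a gas-storage contract is just another unknown destination.
  const selectors = policy.get(destination);
  if (!selectors) return deny("destination not in allowlist");

  // Fewer than 4 bytes of calldata would reach a fallback function.
  if (data.length < 10) return deny("no function selector");
  const ceiling = selectors.get(data.slice(0, 10));
  if (ceiling === undefined) return deny("function not in allowlist");

  // Cap the subsidy per call type so an allowlisted call cannot carry
  // surplus gas.
  if (!Number.isSafeInteger(req.gasLimit) || req.gasLimit <= 0) {
    return deny("invalid gas limit");
  }
  if (req.gasLimit > ceiling) return deny("gas limit above ceiling");
  return { ok: true, reason: "allowed" };
}
```

The check only bounds what the relayer agrees to pay for; it does not change the on-chain behaviour of the Wallet contract.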