[M] Unused gasValue is not refunded when calling deployRemoteCanonicalToken to the destination chain #387
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
unsatisfactory
does not satisfy C4 submission criteria; not eligible for awards
Comments
code423n4
added
2 (Med Risk)
|
0xSorryNotSorry marked the issue as duplicate of #316 |
|
berndartmueller marked the issue as not a duplicate |
|
Wrongly duplicated to #316 Kindly invite the sponsor's feedback. @deanamiel |
|
deanamiel (sponsor) disputed |
c4-sponsor
added
the
sponsor disputed
|
This is not a code related issue specific to the interchain token service, it is a more general concern related to the Axelar stack as a whole. There should not be any calls that get stuck like this. |
|
Invalidating the submission. Failed transactions during relaying should be paid from the provided gas fees by the user to compensate the relayer. |
|
berndartmueller marked the issue as unsatisfactory: |
c4-judge
added
the
unsatisfactory
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lines of code
https://github.com/code-423n4/2023-07-axelar/blob/2f9b234bb8222d5fbe934beafede56bfb4522641/contracts/its/interchain-token-service/InterchainTokenService.sol#L325
Vulnerability details
Impact
In InterchainTokenService, its used to deploy multiple
tokenManagerson different chains.According to the dev comments:
gasValueexists because this function can be part of a multicall involvingmultiple functions that could make remote contract calls.
However, when
deployRemoteCanonicalTokenis called, thegasValuesent could exceed the required gas fee for the function to execute successfully on the destination chain.Proof of Concept
Occasionally, transactions can get "stuck" in the pipeline from a source to destination chain
(e.g. due to one-off issues that arise with relayers that operate on top of the network).
Transactions have typically gotten "stuck" in the pipeline due to:
This will lead to in some instances excess gas being sent and not used.
Therefore, the excess gas will not be refunded to the user.
This is existential across a few functions in InterchainTokenService.
Including
deployAndRegisterRemoteStandardizedTokenanddeployRemoteCustomTokenManager.Tools Used
Manual Review
Recommended Mitigation Steps
I would suggest to use a gas refund mechanism to refund the unused gas to the user or
provide a cancel option if the transaction failed, from the source chain or destination chain,
and allow the user to get the gas refund.
Assessed type
Other
The text was updated successfully, but these errors were encountered: