diff --git a/CHANGELOG.md b/CHANGELOG.md index 932da0215c..d8bfaec608 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -41,6 +41,7 @@ Ref: https://keepachangelog.com/en/1.0.0/ - (rpc) [tharsis#979](https://github.com/tharsis/ethermint/pull/979) Add configurable timeouts to http server - (rpc) [tharsis#988](https://github.com/tharsis/ethermint/pull/988) json-rpc server always use local rpc client +* (ante) [tharsis#991](https://github.com/tharsis/ethermint/pull/991) Set an upper bound to gasWanted to prevent DoS attack. ### Bug Fixes diff --git a/app/ante/eth.go b/app/ante/eth.go index 94a44f6fec..a45025c1ea 100644 --- a/app/ante/eth.go +++ b/app/ante/eth.go @@ -17,6 +17,8 @@ import ( ethtypes "github.com/ethereum/go-ethereum/core/types" ) +const MaxTxGasWanted uint64 = 500000 + // EthSigVerificationDecorator validates an ethereum signatures type EthSigVerificationDecorator struct { evmKeeper EVMKeeper @@ -171,7 +173,6 @@ func (egcd EthGasConsumeDecorator) AnteHandle(ctx sdk.Context, tx sdk.Tx, simula london := ethCfg.IsLondon(blockHeight) evmDenom := params.EvmDenom gasWanted := uint64(0) - var events sdk.Events for _, msg := range tx.GetMsgs() { @@ -184,7 +185,17 @@ func (egcd EthGasConsumeDecorator) AnteHandle(ctx sdk.Context, tx sdk.Tx, simula if err != nil { return ctx, sdkerrors.Wrap(err, "failed to unpack tx data") } - gasWanted += txData.GetGas() + + if ctx.IsCheckTx() { + // We can't trust the tx gas limit, because we'll refund the unused gas. + if txData.GetGas() > MaxTxGasWanted { + gasWanted += MaxTxGasWanted + } else { + gasWanted += txData.GetGas() + } + } else { + gasWanted += txData.GetGas() + } fees, err := egcd.evmKeeper.DeductTxCostsFromUserBalance( ctx, diff --git a/app/ante/eth_test.go b/app/ante/eth_test.go index 3490ba698c..01a55734c5 100644 --- a/app/ante/eth_test.go +++ b/app/ante/eth_test.go @@ -268,7 +268,7 @@ func (suite AnteTestSuite) TestEthGasConsumeDecorator() { { "success", tx2, - tx2GasLimit, + ante.MaxTxGasWanted, // it's capped func() { vmdb.AddBalance(addr, big.NewInt(1000000))