0xPolygonZero/plonky2

Contract using only native instructions can cause infinite loop

wborgeaud opened this issue · 6 comments

As mentioned in #1106, there is a DoS attack vector when a contract uses only native instructions. This is because we only check that the gas hasn't exceeded the gas limit when inside the kernel. For example, this simple contract

JUMPDEST
PUSH0
JUMP

will cause an infinite loop in the prover, regardless of the gas limit used. PoC

Possible solutions:

  • It should be easy to detect these loops with a static analysis. We could then just discard calls to such contracts.
  • We could make JUMPDEST into a syscall that performs a gas limit check.
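The following is an added illustration written for this thread; it is not code from plonky2 or from the issue author. It runs the three-opcode contract above through a toy interpreter in which the gas limit is either never consulted (the current behaviour for a contract that makes no syscall) or consulted at every JUMPDEST (the second proposed fix), and it includes the simplest form of the first proposal: a static scan that flags a JUMP whose constant target is a backward edge. Opcode bytes and per-opcode gas costs follow the EVM; the `meter_at_jumpdest` flag, the `step_cap` stand-in for "the prover never terminates", and the function names are assumptions of this example.

```rust
// Added example, not plonky2 code. Opcode bytes and gas costs are the EVM's
// (Shanghai); everything else is a simplification for illustration.
const OP_STOP: u8 = 0x00;
const OP_JUMP: u8 = 0x56;
const OP_JUMPDEST: u8 = 0x5b;
const OP_PUSH0: u8 = 0x5f;
const OP_PUSH1: u8 = 0x60;

#[derive(Debug, PartialEq, Eq)]
pub enum Outcome {
    /// Reached STOP or ran off the end of the code.
    Halted { gas_used: u64, steps: u64 },
    /// A gas check at a JUMPDEST found the limit exceeded.
    OutOfGas { gas_used: u64, steps: u64 },
    /// No gas check ever fired; the step cap stands in for an unbounded run.
    StepCapHit { gas_used: u64, steps: u64 },
    /// Jump to a non-JUMPDEST, stack underflow, or unknown opcode.
    Invalid { pc: usize },
}

fn gas_cost(op: u8) -> u64 {
    match op {
        OP_STOP => 0,
        OP_JUMPDEST => 1,
        OP_PUSH0 => 2,
        OP_PUSH1 => 3,
        OP_JUMP => 8,
        _ => 0,
    }
}

/// Interpret `code`. With `meter_at_jumpdest == false` gas is accumulated but
/// never compared against the limit, mirroring "only checked inside the kernel"
/// for a contract that never enters the kernel. With it set, JUMPDEST behaves
/// like the proposed syscall and enforces the limit.
pub fn run(code: &[u8], gas_limit: u64, meter_at_jumpdest: bool, step_cap: u64) -> Outcome {
    let mut pc = 0usize;
    let mut stack: Vec<usize> = Vec::new();
    let (mut gas_used, mut steps) = (0u64, 0u64);
    loop {
        if steps >= step_cap {
            return Outcome::StepCapHit { gas_used, steps };
        }
        let op = match code.get(pc) {
            Some(&b) => b,
            None => return Outcome::Halted { gas_used, steps },
        };
        steps += 1;
        gas_used += gas_cost(op);
        if meter_at_jumpdest && op == OP_JUMPDEST && gas_used > gas_limit {
            return Outcome::OutOfGas { gas_used, steps };
        }
        match op {
            OP_STOP => return Outcome::Halted { gas_used, steps },
            OP_JUMPDEST => pc += 1,
            OP_PUSH0 => { stack.push(0); pc += 1; }
            OP_PUSH1 => {
                let imm = match code.get(pc + 1) { Some(&b) => b as usize, None => return Outcome::Invalid { pc } };
                stack.push(imm);
                pc += 2;
            }
            OP_JUMP => {
                let target = match stack.pop() { Some(t) => t, None => return Outcome::Invalid { pc } };
                if code.get(target) != Some(&OP_JUMPDEST) { return Outcome::Invalid { pc }; }
                pc = target;
            }
            _ => return Outcome::Invalid { pc },
        }
    }
}

/// Minimal static check: a JUMP whose target was pushed as a constant just
/// before it and lies at or before the JUMP is a backward edge, i.e. a loop
/// that no kernel gas check would interrupt. A real analysis would build the
/// control-flow graph; this catches only the constant-target case.
pub fn has_backward_constant_jump(code: &[u8]) -> bool {
    let mut pc = 0usize;
    let mut last_const: Option<usize> = None;
    while pc < code.len() {
        match code[pc] {
            OP_PUSH0 => { last_const = Some(0); pc += 1; }
            OP_PUSH1 => { last_const = code.get(pc + 1).map(|&b| b as usize); pc += 2; }
            OP_JUMP => {
                if matches!(last_const, Some(t) if t <= pc) { return true; }
                last_const = None;
                pc += 1;
            }
            _ => { last_const = None; pc += 1; }
        }
    }
    false
}

/// The contract from the issue: JUMPDEST PUSH0 JUMP.
pub const LOOPING_CONTRACT: [u8; 3] = [OP_JUMPDEST, OP_PUSH0, OP_JUMP];

fn main() {
    println!("unmetered: {:?}", run(&LOOPING_CONTRACT, 100, false, 1_000));
    println!("metered:   {:?}", run(&LOOPING_CONTRACT, 100, true, 1_000));
    println!("backward jump: {}", has_backward_constant_jump(&LOOPING_CONTRACT));
}
```

Each iteration of the loop costs 11 gas (1 + 2 + 8), so with a 100-gas limit the metered run stops at the 11th JUMPDEST after 31 steps, while the unmetered run only ends because of the artificial step cap; the static scan flags the contract because PUSH0 JUMP at offset 2 targets offset 0.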

This seems to me like something should be scheduled closer than Future...

@wborgeaud Would changes like those do?
(Overall I'd tend to be more inclined towards the latter than the former, as relying on static analysis seems a bit sketchy to me).

@wborgeaud Would changes like those do?

Yes they look good, thanks!

I guess we may want things to be settled, regarding Jacqueline's take on the question, before we do something about it?

I think we should add this as a blocker for audit -- meaning that either this issue is fixed or needs to be documented and communicated to Auditors.

Adding to Audit RC2

Ah right we forgot to discuss it this morning. I had replied to @nbgl on Discord but not sure whether we settled on anything regarding this topic?