Add gas siphoning attack
Closed this issue · 2 comments
maurelian commented
Does this belong in the SWC?
https://medium.com/level-k/public-disclosure-malicious-gastoken-minting-236b2f8ace38
It's not something that can be mitigated within a contract, the issue affects exchanges who include a too high gas limit with an ETH transfer.
maurelian commented
I see that this was started and stalled in #140.
It's not really a vuln at the contract layer, because it affects any situation in which a call is made to an arbitrary address.
The issue is with gas estimation in wallet code.
maurelian commented
So, after chatting with @b-mueller, I think this is out of scope.
I guess as long as you can express an issue with a code sample it belongs into the SWC. if it's something that only relates to wallets then it doesn't