You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Issue seems to be resolved.
The issue was that attacker might cause the quantity() function to be called with little to no gas, and now the function ensures that it’s being called with at least 100K gas.
100K gas seems to be enough for most cases (esp. considering it’s a view function) but there might be some edge cases when it’s not enough (considering that the implementation for refPerTok() might change depending on the asset).
However, I can’t recommend any specific number, since we can always say there might be an edge case where it’d cost more than that (in fact this issue stems from mitigating an issue that claims we might encounter a case where refPerTok() would consume more gas than the block gas limit).
The text was updated successfully, but these errors were encountered:
Lines of code
Vulnerability details
Issue seems to be resolved.
The issue was that attacker might cause the
quantity()
function to be called with little to no gas, and now the function ensures that it’s being called with at least 100K gas.100K gas seems to be enough for most cases (esp. considering it’s a view function) but there might be some edge cases when it’s not enough (considering that the implementation for
refPerTok()
might change depending on the asset).However, I can’t recommend any specific number, since we can always say there might be an edge case where it’d cost more than that (in fact this issue stems from mitigating an issue that claims we might encounter a case where
refPerTok()
would consume more gas than the block gas limit).The text was updated successfully, but these errors were encountered: