Maximum gas logic doesn't account for overflows #2995
Labels: C:consensus (Component: Consensus), C:mempool (Component: Mempool), T:security (Type: Security (specify priority))
This is another currently exploitable issue that will happen w.r.t. gas wanted. The app can send multiple gas wanteds on the order of `2**62` or `2**63`. Addition of these can cause overflow into a very small positive value. Then Tendermint will have proposed a block with a much larger amount of gas than the gas limit. This is a problem both in the mempool, block validation logic, and existing Cosmos application logic. I'll make a separate issue for the SDK.
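The wrap-around described in the issue, next to an overflow-checked sum, as an added example that is not Tendermint or Cosmos SDK code. The function names, error values and sample gas values are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// Hypothetical error values for this example.
var (
	ErrNegativeGas = errors.New("negative gas wanted")
	ErrGasOverflow = errors.New("total gas wanted overflows int64")
)

// naiveTotal sums gas wanted with plain int64 addition, which wraps silently in Go.
func naiveTotal(gasWanted []int64) int64 {
	var total int64
	for _, g := range gasWanted {
		total += g
	}
	return total
}

// checkedTotal refuses negative values and detects overflow before each addition,
// so the caller only compares a trustworthy total against the gas limit.
func checkedTotal(gasWanted []int64) (int64, error) {
	var total int64
	for _, g := range gasWanted {
		if g < 0 {
			return 0, ErrNegativeGas
		}
		if g > math.MaxInt64-total { // total + g would exceed MaxInt64
			return 0, ErrGasOverflow
		}
		total += g
	}
	return total, nil
}

// constructedGas returns constructed sample values: four entries of 2**62 plus a small one.
func constructedGas() []int64 {
	big := int64(1) << 62
	return []int64{big, big, big, big, 21000}
}

func main() {
	const maxGas = 1_000_000 // constructed gas limit
	gas := constructedGas()
	fmt.Println("naive total:", naiveTotal(gas), "within limit:", naiveTotal(gas) <= maxGas)
	_, err := checkedTotal(gas)
	fmt.Println("checked total error:", err)
}
```

The naive sum wraps to 21000 and passes the limit comparison, while the checked sum rejects the same input before any comparison is made.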