Impact
In the Polkadot-SDK, inherent extrinsics are unsigned transactions added by block producers to include local, node-specific data directly into blocks. Furthermore, gas is the price paid in the native currency for each unit of gas used.
The extrinsic note_min_gas_price_target is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which includes the check_inherent call. This allows other nodes to verify if the input (in this case, the target value) is correct. However, the check_inherent function has not been implemented for note_min_gas_price_target. This lets the block producer set the target value without verification. The target is then used to set the MinGasPrice, which has an upper and lower bound defined in the on_initialize hook. The block producer can set the target to the upper bound. Which also increases the upper and lower bounds for the next block. Over time, this could result in continuously raising the gas price, making contract execution too expensive and ineffective for users.
An attacker could use this flaw to manipulate the gas price, potentially leading to significantly inflated transaction fees. Such manipulation could render contract execution prohibitively expensive for users, effectively resulting in a denial-of-service condition for the network.
Patches
The issue is fixed in PR 1719.
It's recommended that a runtime upgrade including this fix to be issued at the next normal schedule.
Credits
This issue is discovered in a security audit by SRLabs with the Moonbeam team. Polkadot Assurance Legion (PAL) financially contributed to the security audit.
Impact
In the Polkadot-SDK, inherent extrinsics are unsigned transactions added by block producers to include local, node-specific data directly into blocks. Furthermore, gas is the price paid in the native currency for each unit of gas used.
The extrinsic
note_min_gas_price_targetis an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, theProvideInherenttrait should be implemented for each inherent, which includes the check_inherent call. This allows other nodes to verify if the input (in this case, the target value) is correct. However, the check_inherent function has not been implemented fornote_min_gas_price_target. This lets the block producer set the target value without verification. The target is then used to set theMinGasPrice, which has an upper and lower bound defined in theon_initializehook. The block producer can set the target to the upper bound. Which also increases the upper and lower bounds for the next block. Over time, this could result in continuously raising the gas price, making contract execution too expensive and ineffective for users.An attacker could use this flaw to manipulate the gas price, potentially leading to significantly inflated transaction fees. Such manipulation could render contract execution prohibitively expensive for users, effectively resulting in a denial-of-service condition for the network.
Patches
The issue is fixed in PR 1719.
It's recommended that a runtime upgrade including this fix to be issued at the next normal schedule.
Credits
This issue is discovered in a security audit by SRLabs with the Moonbeam team. Polkadot Assurance Legion (PAL) financially contributed to the security audit.