Insufficient error handling in gas deduction for failed transactions
Description
In both processFailedEncryptedTx and decryptAndExecuteTx, there is insufficient error handling when deducting gas fees from an account with an insufficient balance.
When a transaction fails validation, processFailedEncryptedTx is triggered to account for gas used in operations like decryption. The function calls handleGasConsumption to deduct additional gas used from the account balance. However, if the account lacks sufficient funds, only an error log is created without further action.
    am.handleGasConsumption(ctx, creatorAddr, cosmosmath.NewIntFromUint64(actualGasConsumed), tx.ChargedGas)
    ...
    func (am AppModule) handleGasConsumption(ctx sdk.Context, recipient sdk.AccAddress, gasUsed cosmosmath.Int, gasCharged *sdk.Coin) {
        creatorAccount := am.accountKeeper.GetAccount(ctx, recipient)
        ...
        if gasUsed.GT(gasCharged.Amount) {
            deductFeeErr := ante.DeductFees(
                am.bankKeeper,
                ctx,
                creatorAccount,
                sdk.NewCoins(
                    sdk.NewCoin(
                        gasCharged.Denom,
                        gasUsed.Sub(gasCharged.Amount)),
                ),
            )
            if deductFeeErr != nil {
                am.keeper.Logger().Error("deduct failed tx fee error")
                am.keeper.Logger().Error(deductFeeErr.Error())
            } else {
                am.keeper.Logger().Info("failed tx fee deducted without error")
            }
        }
Similarly, decryptAndExecuteTx deducts gas fees using ante.DeductFees, but it only logs an error if the deduction fails, without additional measures.
    if refundAmount.IsZero() {
        deductFeeErr := ante.DeductFees(am.bankKeeper, ctx, creatorAccount, sdk.NewCoins(usedGasFee))
        if deductFeeErr != nil {
            am.keeper.Logger().Error("Deduct fee Err")
            am.keeper.Logger().Error(deductFeeErr.Error())
        } else {
            am.keeper.Logger().Info("Fee deducted without error")
        }
    }
In both functions, only logging occurs if an account lacks sufficient funds, allowing potential abuse.
Impact
This insufficient error handling could allow users to consume gas resources without deductions if they lack funds. For example, users could repeatedly submit failing transactions, triggering these functions to consume gas but bypass gas fees. This behavior could waste network resources and allow abuse, as malicious users could exploit this to submit numerous failed transactions without incurring the intended gas charges.
Recommendations
To prevent abuse and ensure proper resource utilization, consider implementing additional handling in both processFailedEncryptedTx and decryptAndExecuteTx to address failed gas deductions due to insufficient funds.
We suggest charging the user min(user balance, remaining gas) instead of only logging the error. This ensures that users are still charged to the extent possible, even if their balance is insufficient to cover the full gas cost.
Additionally, consider implementing a fallback mechanism to halt further processing of transactions if gas deductions cannot be fully covered due to low balance.
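The two recommendations above, sketched as an added example; this is not Fairblock's code and not the fix from the referenced PRs. It assumes plain uint64 amounts and a constructed in-memory ledger in place of the Cosmos SDK bank keeper, and the names ErrGasShortfall, ledger, chargeGas and processFailed are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrGasShortfall (hypothetical name) marks a deduction the balance could not fully cover.
var ErrGasShortfall = errors.New("gas fee not fully covered")

// ledger is a constructed in-memory stand-in for the bank keeper: address -> balance.
type ledger map[string]uint64

// chargeGas deducts min(balance, gasUsed-gasCharged) and reports any unpaid remainder
// as an error, so the caller cannot mistake a partial charge for success.
func (l ledger) chargeGas(addr string, gasUsed, gasCharged uint64) (uint64, error) {
	if gasUsed <= gasCharged {
		return 0, nil // nothing beyond the up-front charge is owed
	}
	owed := gasUsed - gasCharged
	charged := owed
	if bal := l[addr]; bal < owed {
		charged = bal // cap at what the account actually holds
	}
	l[addr] -= charged
	if charged < owed {
		return charged, fmt.Errorf("%w: %s short by %d", ErrGasShortfall, addr, owed-charged)
	}
	return charged, nil
}

// processFailed charges each failed tx of one creator and stops at the first
// shortfall, leaving the remaining txs unprocessed (the suggested fallback).
func processFailed(l ledger, addr string, gasPerTx []uint64, gasCharged uint64) (int, uint64, error) {
	var collected uint64
	for i, used := range gasPerTx {
		charged, err := l.chargeGas(addr, used, gasCharged)
		collected += charged
		if err != nil {
			return i + 1, collected, err
		}
	}
	return len(gasPerTx), collected, nil
}

func main() {
	l := ledger{"creator": 120} // constructed sample balance
	n, got, err := processFailed(l, "creator", []uint64{60, 60, 60, 60}, 10)
	fmt.Println(n, got, l["creator"], err)
}
```

Returning the shortfall as an error, rather than only logging it, is what lets the caller stop handling further transactions from the same account.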
Remediation
This issue has been acknowledged by Fairblock Inc., and a fix was implemented in PR 236 and PR 237. The fixes were merged in commit .