Description

When a transaction is submitted, it must include a fee that is greater than the current base fee set by the chain.

pub(super) async fn fee_greater_than_base_fee<S: StateRead>(
    state: S,
    transaction: &Transaction,
) -> Result<()> {
    let current_gas_prices = state
        .get_gas_prices()
        .await
        .expect("gas prices must be present in state");

    let transaction_base_price = current_gas_prices.fee(&transaction.gas_cost());

    if transaction
        .transaction_body()
        .transaction_parameters
        .fee
        .amount()
        >= transaction_base_price
    {
        Ok(())
    } else {
        Err(anyhow::anyhow!(
            "consensus rule violated: paid transaction fee must be greater than or equal to transaction's base fee"
        ))
    }
}

The issue is that only the fee amount is checked and not the asset ID, allowing a user to pay the fee in any asset they control.

Impact

A malicious user could transfer in a large amount of a worthless asset via IBC and use it to pay for the transaction fees. This would allow them to spam the chain with transactions without having to pay any real cost. Although no real fee would need to be paid, a spend proof would still need to be generated by the malicious user.

Recommendations

The asset ID of the fee should be checked to ensure that it is the staking token.

Remediation

This issue has been acknowledged by Penumbra Labs, and a fix was implemented in commit 70f66af2↗.