Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Swisstronik>Medium findings>Missing overflow check in ,AddTransientGasWanted
GeneralOverview
Findings
High (1)
Medium (3)The ECRecover precompile computes an incorrect keyMissing overflow check in AddTransientGasWantedLack of validation in ElasticityMultiplier causes division by zero
Low (4)
Informational (1)
DiscussionInstallation stepsThe go-ethereum precompile tests
Audit ResultsAssessment Results
Category: Coding Mistakes

Missing overflow check in AddTransientGasWanted

Medium Severity
Medium Impact
Low Likelihood

Description

The AddTransientGasWanted function accumulates the gas into a uint64 without performing an overflow check. If the sum exceeds the maximum value of uint64, it will wrap around to zero, leading to incorrect or unpredictable gas accounting.

// AddTransientGasWanted adds the cumulative gas wanted in the transient store
func (k Keeper) AddTransientGasWanted(ctx sdk.Context, gasWanted uint64) (uint64, error) {
!  result := k.GetTransientGasWanted(ctx) + gasWanted
  k.SetTransientBlockGasWanted(ctx, result)
  return result, nil
}

Impact

An overflow could reset or distort the block's cumulative gas usage, leading to invalid gas calculations.

Recommendations

Check to ensure the sum does not exceed math.MaxUint64.

Remediation

This issue has been acknowledged by Sigma Assets GmbH, and a fix was implemented in commit 339e3a92.

Zellic © 2025Back to top ↑