Potential Attack On Ethereum Network to Mint GasTokens



Abhishek sharma Security Auditor at QuillAudits.

Ethereum Network Vulnerability

The latest vulnerability, in ethereum framework uncovered by levelk, Potentially allows bad actors to mint large amounts of Gastokens or drain funds.

Discovered by whom ?

In levelk’s hypothetical study or in a case study it is possible to mint large amount of GasTokens while receiving ETH or any ERC20, or other standard token.

The vulnerability that comes in light when fallback function of a receiver contract is able to carry out capricious computations that the transaction producer pays for, which comes with a risk of ‘griefing’.

What is a griefer ?

A griefer or bad faith player is a player in a multiplayer video game who deliberately irritates and harasses other players within the game, using aspects of the game in intended or unintended ways. according to Wikipedia.

What is GAS ?

Gas is a fundamental resource on ethereum blockchain, every transaction on ethereum network require some amount of gas to execute a transaction it may be 1 gwei or in two or three digits.

What is GasToken ?

The gas token is kind of smart contract based on ethereum Blockchain, that allow users of ethereum blockchain to tokenize the gas when gas price are low and spend them when gas price are high.

It also become the first smart contract through which a user or an owner able to sale purchase gas on ethereum network.

How Gas token works ?

The gas tokens works on taking advantage of storage refund concept in ethereum, to inspire smart contracts to delete storage variable, ethereum network provides refund when storage variable is deleted upto half of the contract transaction.

● If a variable is changed from zero to a non-zero value, there is a gas fee
● If a variable is changed from a non-zero value to zero, there is a gas refund

To profit from gasToken:
● Mint tokens when gasPrice is low: change a variable from a zero value to non-zero.
● Burn tokens when gasPrice is high: change a variable from non-zero to zero.

Example :

Writing permanent blockchain state costs a significant amount of gas. For instance, the STORE instruction currently costs 20000 gas when writing a non-zero value to storage. Erasing the storage costs an additional 5000 gas, but also provides a refund of 15000 gas.

Suppose we write to storage when gas has a price of gas low and redeem the token for a refund when gas prices are high, at gas high. Our total expenses per storage word are:

20000⋅gaslow + 5000⋅gashigh

We receive a refund per word of :


We could expect savings whenever :

gashigh > 2⋅gaslow

There are actually two versions of GasToken: one that uses storage to bank gas(used above GST1), and another one that banks gas by creating contracts. The latter takes advantage of the gas refund obtained when deleting a whole contract(GST2).


Comparison between two version of GasToken


How attacker gets the benefit ?

A GasToken holder or owner can decrease the cost of a transaction when gasPrice is high by burning the GasToken minted when GasPrice was low or by attacking exchange or by calling function withdraw of any exchange that initiate transfer of funds of any ERC token that call fallback function of a smart contract of a attacker and it will be able to mine GasTokens or execute a transaction that may drain transaction originators funds.

Suggestion to avoid these type of attacks

Most of the exchanges are already aware of these types of minting attack but still fail to cover all the attacks, reason behind these is lack of developers knowledge, awareness of these attacks and existing tools could not be able to verify all the potential bugs and vulnerability in smart contract mostly related to delegate calls. This attack is even more harmful for, Exchanges that doesn’t implemented a proper KYC process as attackers can repeatedly mint GasTokens using different address.

Implementation of gas limit to all transaction should be applied,

required_gas_limit * gas_price

Let’s discuss more on Blockchain Security, ping me on my telegram handle — @abhi_blockchain !

read original article here