PaymasterDocs
  • All-In-One Paymaster
  • Basics of Paymaster
    • What is Paymaster?
    • Breaking down the paymaster
  • Several types of the paymaster
    • Several types of the paymaster
      • Breaking down the paymaster-TokenPaymaster
      • Breaking down the paymaster-SponsorshipPaymaster
  • Vectors of Paymaster
    • Threat Modeling
    • General Vectors
      • Mismanagement of funds
      • Incorrect Validation Logic
      • Incorrect Calculation Logic
      • Structural Error
      • Threats in v0.6
      • Reputation-Related Risk
        • Understanding Reputation for Paymaster
      • Signature Reuse Risk
    • Sponsorship Paymaster Specific Vectors
    • EIP-7702 Paymaster Specific Vectors
    • How to apply test code
    • Test Results Dashboard
  • Multichain paymaster
    • Overview
      • Omnichain paymaster - Particle Network
  • RESOURCES
    • Resources
    • Remaining services
    • Integrating with further EIPs
      • EIP-7702
      • EIP-6900
    • Contributions and FAQ
Powered by GitBook
On this page
  • Issue from Incorrect priceMarkUp Range
  • Overflow/Underflow Risk with Unchecked Operations
  1. Vectors of Paymaster
  2. General Vectors

Incorrect Calculation Logic

In this page, we explore vulnerabilities caused by incorrect calculation logic.

PreviousIncorrect Validation LogicNextStructural Error

Last updated 6 months ago

Issue from Incorrect priceMarkUp Range

When using priceMarkup, it's important to carefully consider who bears the cost of any discount. Be mindful of scenarios where other users or the paymaster may be unfairly burdened.

Example Case:

If the priceMarkUp is too low (discount), only certain users may benefit from the reduced gas fees, while other users may be unable to access the amount they have deposited.

  • Mitigation: The range of priceMarkUp should be restricted to ensure it does not negatively impact the protocol.

require(_tokenPaymasterConfig.priceMarkup <= 2 * PRICE_DENOMINATOR, "TPM: price markup too high");
require(_tokenPaymasterConfig.priceMarkup >= PRICE_DENOMINATOR, "TPM: price markup too low");

Overflow/Underflow Risk with Unchecked Operations

When using unchecked blocks to save gas, be cautious of overflow/underflow risks, especially when performing calculations with sensitive variables or user-supplied parameters.

Example Case:

If a user withdraws all their deposit while their userOperation is waiting in the mempool after the first validation, an underflow could occur in the gas payment process due to an unchecked code block.

Following this process, the user’s deposit approaches the maximum value, allowing them to potentially withdraw all of the Paymaster’s funds.

  • Mitigation: A conditional statement should be used to compare the two values before performing the actual calculation to ensure that such issues do not occur.

if (requiredGasCost > deposits[user]){
    revert("deposit too low");
}