Incorrect Calculation Logic

In this page, we explore vulnerabilities caused by incorrect calculation logic.


Issue from Incorrect priceMarkup Range

When using priceMarkup, it's important to carefully consider who bears the cost of any discount. Be mindful of scenarios where other users or the paymaster may be unfairly burdened.

Example Case:

If priceMarkup is set too low (a discount), only certain users may benefit from the reduced gas fees, while other users may be unable to access the amount they have deposited.

  • Mitigation: The range of priceMarkup should be restricted so that it cannot negatively impact the protocol.

require(_tokenPaymasterConfig.priceMarkup <= 2 * PRICE_DENOMINATOR, "TPM: price markup too high");
require(_tokenPaymasterConfig.priceMarkup >= PRICE_DENOMINATOR, "TPM: price markup too low");


Overflow/Underflow Risk with Unchecked Operations

When using unchecked blocks to save gas, be cautious of overflow/underflow risks, especially when performing calculations with sensitive variables or user-supplied parameters.

Example Case:

If a user withdraws all of their deposit while their userOperation is waiting in the mempool after the first validation, an underflow can occur in the gas payment process because the subtraction sits in an unchecked code block.

After this underflow, the user's recorded deposit wraps around to a value close to the maximum, potentially allowing them to withdraw all of the Paymaster's funds.

  • Mitigation: A conditional statement should be used to compare the two values before performing the actual calculation to ensure that such issues do not occur.

if (requiredGasCost > deposits[user]){
    revert("deposit too low");
}
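The unchecked subtraction next to its guarded form, as an added example that is not taken from any audited paymaster. The contract and function names (DepositLedger, chargeUnchecked, chargeChecked) are hypothetical, and the EntryPoint-only access control a real paymaster needs is left out to keep the accounting visible.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: simplified deposit accounting, not a real paymaster.
// All names here are hypothetical. A real paymaster would restrict the
// charge functions to the EntryPoint; that check is omitted here.
contract DepositLedger {
    mapping(address => uint256) public deposits;

    function deposit() external payable {
        deposits[msg.sender] += msg.value;
    }

    // Stands in for a withdrawal made between validation and gas payment.
    function withdrawAll() external {
        uint256 amount = deposits[msg.sender];
        deposits[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    // Before: relies on a balance check that happened earlier, at validation.
    // If deposits[user] is 0 by now and requiredGasCost is 1, the stored
    // value becomes type(uint256).max instead of reverting.
    function chargeUnchecked(address user, uint256 requiredGasCost) external {
        unchecked {
            deposits[user] -= requiredGasCost;
        }
    }

    // After: compare against the current balance right before subtracting.
    function chargeChecked(address user, uint256 requiredGasCost) external {
        if (requiredGasCost > deposits[user]) {
            revert("deposit too low");
        }
        unchecked {
            deposits[user] -= requiredGasCost; // cannot wrap: guarded above
        }
    }
}
```

Removing the unchecked block has the same effect as the guard, since Solidity 0.8 reverts on underflow by default; the explicit comparison keeps the gas saving and gives a clearer revert reason.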
