We continue our series of educational articles and today we’ll look at Gas Gauge — an awesome tool aimed to help Solidity code auditors at detecting Out-of-Gas DoS vulnerabilities in Ethereum smart contracts. Not much is known about it, but it can compete with the best solutions, such as Slither, which we recently published an article about — be sure to read it!
We’re going to look into what this vulnerability is, what features the GasGauge tool has, and how to improve audit quality by combining different tools. Finally, we’ll break down the release paper of this tool and our team of auditors will share their observations and remarks!
First and foremost, we would like to express our sincere gratitude to the creators of this tool, everyone who supports it, the authors of all the resource materials, and of course our staff auditors who have helped us by revealing much-needed information and lifting the curtain of secrecy. And today, dear readers, it will be made available to you.
In this series we will focus only on those aspects that can be really useful for auditing and bug bounty hacking and that are not described anywhere! We can confidently say that such tips can be read publicly in a few places, and our blog is one of those places!
By the way, there are some vacant slots now so if your project needs an audit — feel free to write to us, visit our public reports page here.
One security issue plaguing Ethereum smart contracts is Out-of-Gas Denial of Service (OoG-DoS) vulnerabilities. Every operation in an Ethereum smart contract costs a certain amount of gas, a measurement unit for the amount of computational effort required to execute said operation or transaction, paid by the transaction initiation party.
Each block comes equipped with an upper bound on the amount of gas that can be spent to compute all the transactions within that block. This is called the Block Gas Limit.
Since a transaction cannot exceed one block, the transaction gas limit is also bound by the block gas limit. One of the kinds of gas-related vulnerabilities is DoS with Unbounded Operations, also known as Unbounded Mass operations. In this case, the execution of the transaction requires more gas than the block gas limit.
As a result, the execution of one or more functions in a smart contract vulnerable to Out-of-Gas can be blocked indefinitely if Out-of-Gas conditions are not appropriately handled. This is the type of vulnerability that Gas Gauge was designed to find.
According to its release paper, Gas Gauge is a tool aimed at detecting Out-of-Gas DoS vulnerabilities in Ethereum smart contracts. The Gas Gauge tool has three major components:
Detection Phase
Identification Phase
Correction Phase
You can read more about exactly how these three parts work from page two of this excellent study. Below we want to go through the highlights with you and share directly our experience of using this tool. But first, a little bit of theory:
The Detection Phase component consists of an accurate static analysis approach that finds and summarizes all the loops in a smart contract.
The Identification Phase component uses a white-box fuzzing approach to generate a set of inputs that causes the contract to run out of gas.
Lastly, the Correction Phase component uses static analysis and run-time verification to predict the maximum loop bounds consistent with allowable gas usage and suggest appropriate repairs to the tool’s users.
Each part of Gas Gauge can be used separately or all together to detect, identify and help repair contracts vulnerable to Out-of-Gas DoS vulnerabilities.
Using only one tool in your work is inconvenient and will not lead you to a good performance! That’s why the Authors made it possible to use Gas Gauge in conjunction with tools like Slither. There’s a new article from us about this tool just recently — be sure to read it if you haven’t seen it.
For example, you can use the Slither and Truffle Suite as parts of the Gas Gauge. Slither provides many useful APIs to collect information about a smart contract, such as data dependencies and function signatures. This is used to summarize the contract and extract the needed information for the other parts of Gas Gauge implementation.
First things first, we recommend that you use Foundry or Hardhat, but since Gas Gage was originally made to work with Truffle you have to run it — it’s easy enough to do.
Comparison with various smart contract security tools:
Also, the Control Flow Graph (CFG) generated by Slither is used to find the loops in the contract and their order. Further, Truffle Suite is used to compile and deploy Solidity smart contracts to a test Ethereum network.
This allows to use different sets of inputs in the Identification Phase of the tool and use different threshold values in the Correction Phase while retrieving useful gas-related information such as gas used and gas left.
Let’s take a look at the case solved by tool developers. Figure below demonstrates an example of a contract vulnerable to DoS with Unbounded Operations.
In this example, the number of iterations in the loop in addInterest is determined by the length of the variable users, which is controlled by the user input through addUsers.
addInterest performs some expensive arithmetic calculations to compute the interest per user (not shown in the snippet) and then sends each user the interest amount.
If the length of users is large, the computation required in the loop might reach the block gas limit, which causes the execution of the transaction to reach out of gas and revert.
Thus, as the number of users grows, the gas needed to execute addInterest will increase. Ultimately, the function may become impossible to execute without raising an Out-of-Gas exception, at which point no user can claim their interest, and the SmallBank contract will suffer reputation damage and lose users.
By the way, we ran the same tests on the same contract through our own tool — SmartCheck — and it found this vulnerability just as well, which proves the effectiveness of this tool. Soon, we will release several articles about it.
If Gas Gauge was able to detect the problem, you will see an error in the console and the result in the file will look like the on the screenshot below.
In our case, there is no really bad problem been detected, but Gas Gauge was able to find a Loop. You have to keep in mind that similar results are possible as the tool is looking specifically for OoG-DoS, i.e. functions that may stop working because of storage growth.
Our case with bulkTransfer is a bit different: there is msg.sender that controls the list of addresses, and may not pass too large arrays. So Gas Gauge detects it, and correctly determines that it is not an issue.
If the contract doesn’t include any loops, the result will be as shown below:
Killer-feature:
Gas Gauge solves one problem better than any other tool: it is able to calculate loop iterations that will fit in a blockchain block. However, its default block size is 6.7M since the tool hasn’t been updated in two years. You have to update it before running Gas Gauge. And even with this small limitation, Gas Gauge is a fantastic tool.
If the Slither tool is not able to scan a contract or does not identify loops or data dependencies, then all three phases of Gas Gauge miss important information that lowers its accuracy.
Also, the time limit and compilation problems of Truffle Suite may cause Gas Gauge not to operate properly. Functions containing structs or multidimensional arrays are not supported by the Correction Phase and Identification.
According to the Gas Gauge release paper, PhaseA:
Struct is just a custom type that can be defined within a contract, and because it is different in each contract, it can be very challenging to automate the test generation for such a construct.
However, they are supported in the Detection Phase, which is the phase that competes with other tools. Moreover, the contracts should be self-contained and written in Solidity to be used by Gas Gauge. Thus, contracts with external calls to other contracts or written in other languages are not supported.
What you should pay special attention to:
The tool is two years old. Some dependencies it requires may already be installed, potentially at different versions. This might lead to issues, consider utilizing virtual environment if you run into any problems.
When editing source files with VS Code, Gas Gauge may not work properly. Consider running the tool on a copy.
Make sure that you utilize the same solc version within run.py, Truffle config, and solc-select.
Set the proper port value when configuring run.py (should point to Ganache instance).
github.com/kadenzipfel/smart-contract-attack-vectors/blob/master/attacks/dos-gas-limit.md
consensys.github.io/smart-contract-best-practices/attacks/denial-of-service/
In conclusion, we would like to say that we hope that this article was informative and useful for you! Thank you for reading! 🙂
The most important thing we wanted to tell you and show you is that a new instrument does not mean good and an old instrument does not mean bad. It’s all about knowing how to use it and being willing to look for something new. We hope we’ve got you interested in that!
What instruments should we review? What would you be interested in reading about? Please leave your comments, we will be happy to answer them, and the best answers and questions may be included in the next article!