dn404 icon indicating copy to clipboard operation
dn404 copied to clipboard
verified publisher icon Vectorized

DoS Vector: Transfering relatively large amounts of DN404 always `oog`s

Open akshatmittal opened this issue 2 years ago • 6 comments

This shouldn't be a surprise, but if you create a DN404 with higher than 2.7k supply (in units, aka 18dec) and attempt to transfer ~2.7k tokens to another address, the gas consumption to mint the NFTs is over 30m reverting with oog on mainnet.

There's probably no workaround for this, but it's at least worth documenting somewhere.

Fairly easy to verify:

contract RevertTest is SoladyTest {
    SimpleDN404 dn;

    function setUp() public {
        dn = new SimpleDN404("DN404", "DN", 2700 * 10 ** 18, address(this));
    }

    function testTransfer() public { // gas: 30715623
        dn.transfer(address(1), 2_700 * 10 ** 18);
    }
}

akshatmittal avatar Feb 16 '24 01:02 akshatmittal

Ok, we should add a cautionary comment. Nice suggestion.

Vectorized avatar Feb 16 '24 05:02 Vectorized

@akshatmittal This is intentional and I have degen'd this feature to build something new on DN404 😈

ghost avatar Feb 16 '24 05:02 ghost

WTF. kekw. @zerotwodao

Vectorized avatar Feb 16 '24 06:02 Vectorized

@Vectorized Although I think if there is a function that could disable NFT transfers on behalf of other EOAs would be super cool and would increase adoption of DN404 tokens from centralized exchanges, I think it would be great if we have a simple oracle contract of merkle root to verify inclusion proofs that contains deposit wallets

ghost avatar Feb 16 '24 06:02 ghost

@zerotwodao If it's another PoG token I'll lose my mind lol. We have enough XEN in this world. 😹

akshatmittal avatar Feb 16 '24 06:02 akshatmittal

@akshatmittal

8g0r4d

ghost avatar Feb 16 '24 06:02 ghost