Attacks which only waste gas and cost the attacker more than the victim #143
Comments
bringing conversation from [redacted] here
the attack is about consistently doing the same thing to the same victim over and over again, like i said in the issue. afaik, the project is multi chain, it costs max of 382342 gas (as reported by hardhat) to call the function. Currently gas on polygon is 49 gwei. 382342 * 49 gwei = 0.018734758 matic. if this attack is repeated for every second (timestamp) in a day, assuming one victim call per second, that is 0.018734758 * 86400 = 1618.6830912 matic if on polygon for example. Price of one matic now is 0.7 usd, 0.7 * 1618 = 1179 USD. if attacker uses 2x the gas to stay in front, this gives the total cost of DOS per day to be around 2,358 USD. This is not too expensive for a well motivated DoSer to achieve, like a competitor for example.
the victim here is the protocol, can be a protocol contract etc, they need to create multisigs as part of their operational processes. Stalling it like this may not have USD costs visible to an outsider but can cost the protocol in other ways. also protocol may not know why the multisig deployments are failing for a while as they will just panic revert with no reason.
I understand your point, but any hypothetical attacker who would be spending thousands just to grief the protocol is burning money to delay the inevitable transaction success. This seems highly unlikely to me, thus the desire to get a Supreme Court ruling which states clearly to all future wardens that we consider this type of attack to be QA (not invalid, but highly unlikely).
How about this... does anyone have an example of a situation like this happening in the wild? How long did it last? What was the impact on the protocol?
I propose that we consider the following griefing attack vectors to always be QA: