docs: [L-06] revokeOperator() does not protect against the double-spending allowance attack #834
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
👋 Hello ⛽📊 Gas Benchmark ReportDeployment Costs
Runtime CostsUniversalProfile owned by an 🔑 EOA🔀
|
execute scenarios - UP owned by 🔑 EOA |
⛽ Gas Usage |
|---|---|
| Transfer 1 LYX to an EOA without data | 37572 (0 ) |
| Transfer 1 LYX to a UP without data | 46265 (0 ) |
| Transfer 1 LYX to an EOA with 256 bytes of data | 42233 (0 ) |
| Transfer 1 LYX to a UP with 256 bytes of data | 57198 (12 📈❌) |
| Transfer 0.1 LYX to 3x EOA without data | 70898 (0 ) |
| Transfer 0.1 LYX to 3x UP without data | 104489 (0 ) |
| Transfer 0.1 LYX to 3x EOA with 256 bytes of data | 84910 (60 📈❌) |
| Transfer 0.1 LYX to 3x UPs with 256 bytes of data | 137173 (-36 📉✅) |
🗄️ setData scenarios
setData scenarios - UP owned by 🔑 EOA |
⛽ Gas Usage |
|---|---|
| Set a 20 bytes long value | 49909 (-12 📉✅) |
| Set a 60 bytes long value | 95243 (0 ) |
| Set a 160 bytes long value | 164391 (-12 📉✅) |
| Set a 300 bytes long value | 279284 (12 📈❌) |
| Set a 600 bytes long value | 486668 (12 📈❌) |
| Change the value of a data key already set | 32809 (0 ) |
| Remove the value of a data key already set | 27283 (0 ) |
| Set 2 data keys of 20 bytes long value | 78428 (-12 📉✅) |
| Set 2 data keys of 100 bytes long value | 260580 (24 📈❌) |
| Set 3 data keys of 20 bytes long value | 105128 (0 ) |
| Change the value of three data keys already set of 20 bytes long value | 45428 (12 📈❌) |
| Remove the value of three data keys already set | 41325 (0 ) |
🗄️ Tokens scenarios
Tokens scenarios - UP owned by 🔑 EOA |
⛽ Gas Usage |
|---|---|
| Minting a LSP7Token to a UP (No Delegate) from an EOA | 93114 (0 ) |
| Minting a LSP7Token to an EOA from an EOA | 59390 (0 ) |
| Transferring an LSP7Token from a UP to another UP (No Delegate) | 102367 (0 ) |
| Minting a LSP8Token to a UP (No Delegate) from an EOA | 159961 (0 ) |
| Minting a LSP8Token to an EOA from an EOA | 126238 (0 ) |
| Transferring an LSP8Token from a UP to another UP (No Delegate) | 151083 (0 ) |
UniversalProfile owned by a 🔒📄 LSP6KeyManager
🔀 execute scenarios
execute scenarios |
👑 main controller | 🛃 restricted controller |
|---|---|---|
| LYX transfer --> to an EOA | 64365 (0 ) | 75316 (0 ) |
| LYX transfer --> to a UP | 78508 (0 ) | 93410 (0 ) |
| LSP7 token transfer --> to an EOA | 116872 (0 ) | 131622 (0 ) |
| LSP7 token transfer --> to a UP | 250518 (0 ) | 265268 (0 ) |
| LSP8 NFT transfer --> to an EOA | 180981 (0 ) | 195731 (0 ) |
| LSP8 NFT transfer --> to a UP | 297829 (0 ) | 312579 (0 ) |
🗄️ setData scenarios
setData scenarios |
👑 main controller | 🛃 restricted controller |
|---|---|---|
| Update Profile details (LSP3Profile Metadata) | 67264 (0 ) | 77286 (0 ) |
Add a new controller with permission to SET_DATA + 3x allowed data keys: AddressPermissions[] + AddressPermissions[index] + AddressPermissions:Permissions:<controller> + AddressPermissions:AllowedERC725YDataKeys:<controller) |
209516 (0 ) | 219673 (0 ) |
Update permissions of previous controller. Allow it now to SUPER_SETDATA |
52292 (0 ) | 55298 (0 ) |
| Remove a controller: 1. decrease AddressPermissions[] Array length 2. remove the controller address at AddressPermissions[index] 3. set "0x" for the controller permissions under AddressPermissions:Permissions: |
78765 (0 ) | 90064 (0 ) |
| Write 5x new LSP12 Issued Assets | 66959 (0 ) | 101586 (0 ) |
| Update 3x data keys (first 3) | 125411 (0 ) | 159515 (0 ) |
| Update 3x data keys (middle 3) | 105499 (0 ) | 143669 (0 ) |
| Update 3x data keys (last 3) | 125411 (0 ) | 169002 (0 ) |
| Set 2 x new data keys + add 3x new controllers | 810121 (0 ) | 871921 (0 ) |
skimaharvey
approved these changes
Jan 4, 2024
Changes to gas cost
🧾 Summary (10% most significant diffs)
Full diff report 👇
|
CJ42
approved these changes
Jan 9, 2024
richtera
pushed a commit
that referenced
this pull request
Mar 6, 2024
…nding allowance attack (#834) * Advise use of increase/decrease allowance in LSP7 * docs: generate docs * docs: fix minor natspec issue --------- Co-authored-by: Jean Cvllr <31145285+CJ42@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR introduce?
📄 Documentation
PR Checklist
npm run lint&&npm run lint:solidity(solhint)npm run format(prettier)npm run buildnpm run test