The efficiency of gas consumption should be taken into account not only in terms of optimization but also in terms of safety to avoid possible exhaustion. Smart contracts by nature have different limitations that, if they are not taken into account, can cause different vulnerabilities.
Ensure that a verified contract satisfies the following high-level requirements:
- The use of gas is optimized and unnecessary losses are prevented,
- The implementation is in line with the smart contracts' limitations.
Category “G10” lists requirements related to gas and smart contract limitations.
| # | Description |
|---|---|
| G10.1 | Verify that the usage of gas in a smart contract is anticipated, defined, and has clear limitations that cannot be exceeded. Both, code structure and malicious input should not cause gas exhaustion. |
| G10.2 | Verify that there is no hard-coded amount of gas assigned to the function call (the gas prices may vary in the future). |
| G10.3 | Verify that the contract does not allow for inflating gas via "return bomb" attack. |
| G10.4 | Verify that there are no unnecessary checks that are always satisfied. |
For more information, see also:
- Gas Limit and Loops
- Insufficient gas griefing
- EIP 150: Gas cost changes for IO-heavy operations
- Return bomb attack explained
Request an audit of your project by SCSVS authors. Contact a specialist.