Kingdom: Code Quality

Poor code quality leads to unpredictable behavior. From a user's perspective that often manifests itself as poor usability. For an attacker it provides an opportunity to stress the system in unexpected ways.

Solidity Bad Practices: Hardcoded Gas Amount

Abstract
The contract defines a fixed amount of gas or invokes a function with a fixed amount of gas.
Explanation
The gas cost of a transaction can change with network conditions and, in particular, with protocol upgrades: a hard fork can reprice EVM (Ethereum Virtual Machine) instructions (for example, EIP-1884 in the Istanbul fork raised the cost of SLOAD from 200 to 800 gas). Code that reserves a fixed amount of gas for an external call can therefore start running out of gas and failing even though neither contract changed. The same applies to the value-transfer functions transfer() and send(), which forward a fixed stipend of 2300 gas to the recipient: a recipient whose receive() or fallback() function previously fit in that budget can stop fitting after a repricing, at which point transfer() reverts and send() returns false (and the failure goes unnoticed if the return value is not checked).

Example 1: The following code makes an external call with a hardcoded gas limit of 10000, so the call fails as soon as the callee's current implementation or the current opcode pricing needs more than that.


pragma solidity ^0.8.0;

interface ICallable {
    function callMe() external;
}

contract HardcodedNotGood {
    ICallable public callable;
    constructor(ICallable _callable) {
        callable = _callable;
    }

    // Bad practice: the callee gets exactly 10000 gas regardless of what
    // its implementation or the current opcode pricing actually needs.
    function callWithArgs() public {
        callable.callMe{gas: 10000}();
    }
}
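The following is an added example, not code from the Fortify page or from any real project. It puts the bad patterns next to their corrected forms: a hypothetical payee whose receive() writes storage and so needs more than the 2300-gas stipend, a sender that pays it with transfer() and send() (both fail against this payee) and with call() (forwards all gas, so it keeps working when costs change), and, for the Example 1 pattern, a caller that either omits the gas override or takes the cap as a per-transaction parameter. All contract and function names (StoragePayee, Counter, GasForwarding, payWithTransfer, payWithSend, payWithCall, invoke, invokeWithGasCap) are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical payee: its receive() writes storage, so a call into it needs
// far more than the 2300-gas stipend that transfer()/send() forward.
contract StoragePayee {
    uint256 public totalReceived;

    receive() external payable {
        totalReceived += msg.value; // a single SSTORE already exceeds 2300 gas
    }
}

interface ICallable {
    function callMe() external;
}

// Hypothetical callee for the Example 1 pattern.
contract Counter is ICallable {
    uint256 public count;

    function callMe() external override {
        count += 1;
    }
}

contract GasForwarding {
    bool private locked;

    // Forwarding all gas gives up the incidental reentrancy protection that
    // the 2300 stipend provided, so guard against reentrancy explicitly.
    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    // BAD: transfer() forwards exactly 2300 gas. Against StoragePayee the
    // inner call runs out of gas and transfer() reverts the whole transaction.
    function payWithTransfer(address payable to) external payable {
        to.transfer(msg.value);
    }

    // BAD: send() also forwards exactly 2300 gas. It returns false instead of
    // reverting; against StoragePayee the Ether stays in this contract and
    // the caller must check the result to notice.
    function payWithSend(address payable to) external payable returns (bool) {
        return to.send(msg.value);
    }

    // BETTER: call() with no gas override forwards all remaining gas (minus the
    // 1/64 that EIP-150 holds back), so the payee's cost can change without
    // breaking this contract. Always check the success flag.
    function payWithCall(address payable to) external payable nonReentrant {
        (bool ok, ) = to.call{value: msg.value}("");
        require(ok, "payment failed");
    }

    // BETTER for the Example 1 pattern: no {gas: ...} override at all.
    function invoke(ICallable callee) external nonReentrant {
        callee.callMe();
    }

    // If a cap is genuinely required, take it per transaction from the caller
    // instead of freezing it in the bytecode, where only a redeploy can fix it.
    function invokeWithGasCap(ICallable callee, uint256 gasCap) external nonReentrant {
        callee.callMe{gas: gasCap}();
    }
}
```

Deploy StoragePayee and GasForwarding, then send value through payWithTransfer: the transaction reverts with an out-of-gas error inside receive(), while payWithCall to the same address succeeds and updates totalReceived. The nonReentrant guard (or strict checks-effects-interactions ordering) is what replaces the stipend as reentrancy protection once the full gas budget is forwarded.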
References
[1] Enterprise Ethereum Alliance Gas and Gas Prices
[2] Standards Mapping - CIS Azure Kubernetes Service Benchmark 2
[3] Standards Mapping - CIS Amazon Elastic Kubernetes Service Benchmark 5
[4] Standards Mapping - CIS Amazon Web Services Foundations Benchmark 3
[5] Standards Mapping - CIS Google Kubernetes Engine Benchmark normal
[6] Standards Mapping - Common Weakness Enumeration CWE ID 665
[7] Standards Mapping - Smart Contract Weakness Classification SWC-134
desc.structural.solidity.swc134