MANTRA Chain, Token Factory Gas Limit Bypass, CVE-2025-XXXXX (High)


The vulnerability in MANTRA Chain’s `x/tokenfactory` module stems from a failure to enforce the transaction gas limit within token send hooks. When a token transfer triggers a send hook, the hook’s execution is not constrained by the gas remaining in the original transaction context, so the hook’s logic can consume gas beyond what the transaction sender allocated and paid for. A malicious actor can exploit this by crafting a smart contract that performs recursive calls through these send hooks. Each recursive invocation can consume a significant amount of gas, and because no gas check applies, the transaction’s gas limit does not halt this consumption. The result is a multiplicative, or exponential, gas consumption attack vector that can lead to a chain halt by exhausting block gas resources, or cause individual transactions to fail unexpectedly after consuming excessive resources that the sender did not expect.
Platform: MANTRA Chain
Version: < v4.0.2, v5.0.0
Vulnerability: Gas Limit Bypass
Severity: High

date: 2025-09-30

Prediction: Patch Available

What Undercode Say:

```bash
# Simulating gas usage for a transaction
mantrad tx bank send ... --gas 100000

# Querying a transaction to check actual gas used
mantrad query tx <tx-hash> | grep gas_used
```

```go
// Example vulnerable hook logic pattern (conceptual)
func (k Keeper) AfterSendHook(ctx sdk.Context, fromAddr, toAddr sdk.AccAddress, amount sdk.Coin) error {
	// Complex, recursive, or inefficient logic here
	// is not checked against the parent tx's remaining gas.
	return CallComplexWasmContract(ctx, ...) // Can exceed gas
}
```

How Exploit:

An attacker deploys a Wasm contract designed to recursively call back into the token send hook. A single token transfer initiates a loop of hook executions. Each call consumes gas, and the absence of a gas limit check allows the loop to continue until all block or node resources are exhausted, potentially disrupting network consensus and availability.

Protection from this CVE:

Upgrade to MANTRA Chain version 4.0.2 or 5.0.0 immediately. These patched versions enforce the transaction gas limit within the send hook execution context, preventing recursive or complex hooks from exceeding their allocated gas budget.
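
The difference between the flawed and the patched metering can be seen in a simplified model. This is an added example, not MANTRA Chain or Cosmos SDK code: `GasMeter`, `hook`, `RunUnbounded`, `RunBounded` and the 30000 gas per-call cost are hypothetical names and constructed values, and the 100000 limit mirrors the `--gas 100000` command above.

```go
package main

import (
	"errors"
	"fmt"
)

var ErrOutOfGas = errors.New("out of gas")

// GasMeter is a hypothetical, simplified meter; Limit == 0 means unmetered.
type GasMeter struct{ Limit, Used uint64 }

// Consume charges n gas and fails once the limit would be exceeded.
func (m *GasMeter) Consume(n uint64) error {
	if m.Limit != 0 && m.Used+n > m.Limit {
		m.Used = m.Limit
		return ErrOutOfGas
	}
	m.Used += n
	return nil
}

// hook models a send hook that re-enters itself depth more times,
// charging a constructed cost of 30000 gas per invocation.
func hook(m *GasMeter, depth int) error {
	if err := m.Consume(30000); err != nil || depth == 0 {
		return err
	}
	return hook(m, depth-1)
}

// RunUnbounded models the flaw: the hook is metered separately from the tx.
func RunUnbounded(tx *GasMeter, depth int) (uint64, error) {
	sub := &GasMeter{} // no limit inherited from tx
	err := hook(sub, depth)
	return sub.Used, err
}

// RunBounded models the fix: the hook is charged against the tx meter itself.
func RunBounded(tx *GasMeter, depth int) (uint64, error) {
	before := tx.Used
	err := hook(tx, depth)
	return tx.Used - before, err
}

func main() {
	tx := &GasMeter{Limit: 100000} // mirrors --gas 100000
	fmt.Println(RunUnbounded(tx, 9)) // hook work exceeds the tx limit, tx is charged nothing
	fmt.Println(RunBounded(tx, 9))   // hook stops as soon as the tx limit is reached
}
```

In the unbounded case the ten hook invocations burn three times the transaction's limit while the transaction meter records no usage; in the bounded case the fourth invocation fails with an out-of-gas error.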

Impact:

Network instability, potential denial-of-service (chain halt), unexpected transaction failure due to excessive gas consumption, and financial losses for users from failed transactions.


Sources:

Reported By: github.com