contracts-bedrock: seize and split gas management

Ensure that a constant amount of gas is passed to each account when splitting up the seized bond. We can assume that the recipients will be able to receive ether with 30,000 gas. It is the end user's fault if they do funny business in a fallback function and cannot receive the ether. We also cannot revert if the transfer fails because a malicious entity could prevent all other entities from receiving their funds. Previously, the amount of gas sent to each recipient was different and also based on the amount of gasleft in the execution. The problem with using gasleft here is that gas estimation will result in enough gas being used for the most gas guzzling call to be used for each of the calls.

contracts-bedrock: seize and split gas management
Ensure that a constant amount of gas is passed to each account when splitting up the seized bond. We can assume that the recipients will be able to receive ether with 30,000 gas. It is the end user's fault if they do funny business in a fallback function and cannot receive the ether. We also cannot revert if the transfer fails because a malicious entity could prevent all other entities from receiving their funds. Previously, the amount of gas sent to each recipient was different and also based on the amount of gasleft in the execution. The problem with using gasleft here is that gas estimation will result in enough gas being used for the most gas guzzling call to be used for each of the calls.
4440ecbf · Mark Tyneway · 7dea0cf0 · 4440ecbf
Commit 4440ecbf authored May 22, 2023 by Mark Tyneway
Hide whitespace changes
Inline Side-by-side

Showing with 18 additions and 8 deletions

BondManager.sol packages/contracts-bedrock/contracts/dispute/BondManager.sol +18 -8

No files found.
--- a/packages/contracts-bedrock/contracts/dispute/BondManager.sol
+++ b/packages/contracts-bedrock/contracts/dispute/BondManager.sol
@@ -13,7 +13,9 @@ import { IDisputeGameFactory } from "./IDisputeGameFactory.sol";
 * @notice The Bond Manager serves as an escrow for permissionless output proposal bonds.
 */
 contract BondManager {
-    // The Bond Type
+    /**
+     * @notice The Bond Type
+     */
    struct Bond {
        address owner;
        uint256 expiration;
@@ -58,6 +60,13 @@ contract BondManager {
     */
    IDisputeGameFactory public immutable DISPUTE_GAME_FACTORY;

+    /**
+     * @notice Amount of gas used to transfer ether when splitting the bond.
+     *         This is a reasonable amount of gas for a transfer, even to a smart contract.
+     *         The number of participants is bound of by the block gas limit.
+     */
+    uint256 private constant TRANSFER_GAS = 30_000;
+
    /**
     * @notice Instantiates the bond maanger with the registered dispute game factory.
     * @param _disputeGameFactory is the dispute game factory.
@@ -147,13 +156,14 @@ contract BondManager {

        uint256 len = _claimRecipients.length;
        uint256 proportionalAmount = b.amount / len;
-        for (uint256 i = 0; i < len; i++) {
-            bool success = SafeCall.send(
-                payable(_claimRecipients[i]),
-                gasleft() / len,
-                proportionalAmount
-            );
-            require(success, "BondManager: Failed to send Ether.");
+        // Send the proportional amount to each recipient. Do not revert if a send fails as that
+        // will prevent other recipients from receiving their share.
+        for (uint256 i; i < len; i++) {
+            SafeCall.send({
+                _target: payable(_claimRecipients[i]),
+                _gas: TRANSFER_GAS,
+                _value: proportionalAmount
+            });
        }
    }