Advances, Systems and Applications
Table 9 Summary of important findings and implications
From: Studying gas exceptions in blockchain-based cloud applications
Findings | Implications | Relevant Parties |
|---|---|---|
I. Out of gas and explicit revert are most commonly seen exceptions in Ethereum, which together account for 90% of all occurrences both in terms of exception instances as well as external transactions. | Insufficient gas limit is very common to encounter, as well as both require and assert failures. Developers and end users should pay special attention to potential gas exceptions. | BCP developers BCP end users |
II. During the infamous DoS attacks between block #2,250,000 and #2,750,000, an exploit of 58,517 transactions has triggered 150,717,728 gas exceptions (or 2,576 per transaction), which has significantly skewed the ordinary distribution of different exception types. | One transactions may trigger multiple number of gas exceptions, with use of restricted gas limit per internal call. Concentration of gas exceptions may be evidence to deliberate attacks against the platform or smart contracts. Investigation on gas exceptions should intentionally distinguish between attack related instances and other cases. | Blockchain Researchers Security Researchers |
III. Since inception, out of gas exceptions alone have caused more than 3,000 ETH losses, or approximately several hundred thousand US dollars in worth. On average, every block sees an instance of gas exception. In other words, precious transaction slots are wasted in a one-slot-per-block manner. | The accumulated negative effects of gas exceptions are huge enough that developers, end users, and operators cannot ignore. By following appropriate guidance, it is possible to save money and time for blockchain-based cloud application participants. | BCP developers BCP end users Blockchain Researchers |
IV. Even until very recently (block #8,547,396, or Spet. 14th, 2019), the frequency of gas exceptions do not see significant changes, especially in the most recent times. In other words, gas exceptions do appear in a relatively steady rate regardless of new methods or best-practices proposed for out of gas exception mitigation. | There may be several explanations. First of all, new tools or practices in gas exception mitigation are not applied broadly among relevant participants, which may results from lack of acceptance or delayed adoption. Second, smart contract code is not frequently updated, so that existing gas issues take action again and again. Thus, improve the acceptance of new approaches as well as regularly updates of contract code should be very important. | BCP developers BCP end users Blockchain Researchers |
V.By comparing smart contracts with externally owned accounts, we find the former are more susceptible to out of gas exceptions, in the sense that gas exceptions are more concentrated on smart contracts than externally owned accounts. Besides, the receivers of gas exception transactions are more concentrated on small set of contracts, whereas the senders tend to be more diverse. | A few popular smart contracts tend to send and receive large number of gas exception transactions, suggesting developers to pay more attention to gas exception related issues during contract development, such as set a larger gas limit to inter-contract invocations or add additional safeguards to unexpected gas exceptions, especially when integrating with popular established libraries. | BCP developers |
VI. The precompiled smart contract with address 0x04 (which act as identity function for inputs) is responsible for a large number of gas exceptions, although each with very little gas units, typically 3 units per (internal) transaction. Considering the mass scale and small influence, we believe this is linked to some issue of the Solidity compiler. | While we do not know the overall mechanism of this finding, it still suggests the critical role of smart contract compilers and other development tools in the cause and prevention of gas exceptions. Specifically, the developers of these tools should pay more attention to the potentially negative effect of their decisions on gas consumption issues. | Dev-tool developers |
VII. There are transactions which trigger a large number of gas exceptions during execution, whereas the external transactions themselves do not run out of gas. In other words, gas exceptions happened deep in the call stack may not cause a cascading of exceptions in certain cases, e.g., the calling contract has set a fixed small gas limit to internal transactions. | Hidden gas exceptions are of particular interest to developers and researchers. On one hand, developers should be careful when calling other contract’s functions, by setting appropriate gas limits and adding relative safeguards. On the other hand, hidden gas exceptions may be byproduct of critical vulnerabilities or attacks (like in the infamous Ethereum DoS attacks [29, 30]). | BCP developers Blockchain researchers |
VIII. A recurring reason of gas exceptions is that the transactions are given too few gas units. This can further be divided into two categories: 1) leaving no gas units for any code execution; 2) setting conservative gas limits than actual needs. | When calling smart contracts (whether from EOA or other smart contract), try to provide more gas units than it seems to consume. For example, always add an additional 5,000 units to the gas consumption result of transaction simulations, or use a sophisticated gas estimator that is proven to return a strict overestimate reading for gas consumption. | BCP developers BCP end users |
IX. According to experiment, the native gas estimator of solc tend to provide estimations of limited use in gas exception mitigation. The tool fails to produce meaningful output when encounters loops or unbounded calls, which however are the exact causes for many real-world out of gas transactions. On the other hand, online estimators should provide satisfactory results if used before each transaction, which is unfortunately not strictly followed, as shown by our results. | Always use Ethereum client’s online gas estimation functionality before submitting new transaction, and if possible, consult more tools in providing gas cost estimations. Besides, there is a need for developing and promoting new tools for gas exception mitigation, like gas-oriented code optimization as well as sophisticated gas cost estimators. | BCP developers BCP end users |