[Bug]: Profitability Check Bypass Using Increased Tx Gas Limit #180

@dipkakwani

Describe the bug

The profitability check can be bypassed by increasing the transaction's gas limit while keeping the wallet's default gas price when making a transaction.

Since the collected fees are computed in the proposer using the transaction's gas limit and the current L2 base fee received from NMC, the user can modify the tx gas limit to boost this value (proposer code):

func (p *Proposer) computeL2Fees(txBatch []types.Transactions, l2BaseFee *big.Int) *big.Int {
	baseFeeForProposer := p.getPercentageFromBaseFeeToTheProposer(l2BaseFee)

	collectedFees := new(big.Int)
	for _, txs := range txBatch {
		for _, tx := range txs {
			gasConsumed := big.NewInt(int64(tx.Gas()))
			expectedFee := new(big.Int).Mul(gasConsumed, baseFeeForProposer)
			collectedFees.Add(collectedFees, expectedFee)
		}
	}

	return collectedFees
}

Once the transaction makes it into a successfully proposed batch, the actual gas used to execute this transaction might be lower and the rest of the funds will be refunded, in effect bypassing the profitability check.

This can be easily reproduced by performing a transaction through any wallet on Surge. Since the proposer cannot simulate the transaction to find out the actual gas used, it is currently using the gas specified in the transaction.

To Reproduce

  1. Go to Rabby wallet, add Surge.
  2. Go to the advanced options and set the gas limit to 100x (e.g. 3150000) while making any transaction.
  3. This single transaction will be proposed in the next batch and will go through.

Platform

  • Windows
  • Linux
  • macOS
  • Other

What component/service is this issue related to?

  • Bridge UI
  • L1 RPC
  • L2 RPC
  • L1 Relayer
  • L2 Relayer
  • L2 Explorer
  • Safe
  • Documentation

Relevant Logs

No response

Have you raised this issue in our Telegram and/or Discord channels?

  • Yes

Have you checked the documentation?

  • Yes
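
The gap between the limit-based estimate and the fees actually realized can be audited after execution. The following is an added example, not code from the Surge proposer: it re-checks a batch using gas used from receipts and flags batches that passed only because of the declared gas limit. The `Tx` and `Audit` types, the 21,000 gas-used figure, the fee share, the batch cost and the `fees >= cost` comparison are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"math/big"
)

// Tx holds only the two fields that matter here (simplified, hypothetical type).
type Tx struct {
	GasLimit uint64 // sender-chosen limit, the value tx.Gas() returns
	GasUsed  uint64 // actual consumption, known only after execution
}

// sumFees returns sum(pick(tx)) * feePerGas over the batch.
func sumFees(txs []Tx, feePerGas *big.Int, pick func(Tx) uint64) *big.Int {
	total := new(big.Int)
	for _, tx := range txs {
		gas := new(big.Int).SetUint64(pick(tx))
		total.Add(total, gas.Mul(gas, feePerGas))
	}
	return total
}

// Audit is the outcome of re-checking one proposed batch.
type Audit struct {
	Estimated, Realized *big.Int
	PassedCheck         bool // decision of a limit-based check (assumed: fees >= cost)
	Profitable          bool // same comparison using gas actually used
}

// auditBatch flags batches that pass on gas limit but fall short on gas used.
func auditBatch(txs []Tx, feePerGas, cost *big.Int) Audit {
	est := sumFees(txs, feePerGas, func(t Tx) uint64 { return t.GasLimit })
	realized := sumFees(txs, feePerGas, func(t Tx) uint64 { return t.GasUsed })
	return Audit{est, realized, est.Cmp(cost) >= 0, realized.Cmp(cost) >= 0}
}

func main() {
	feePerGas := big.NewInt(10_000_000)    // constructed: proposer share of base fee, in wei
	cost := big.NewInt(10_000_000_000_000) // constructed: cost of proposing the batch, in wei
	// Default limit versus the 100x limit from the reproduction steps.
	for _, limit := range []uint64{31_500, 3_150_000} {
		a := auditBatch([]Tx{{GasLimit: limit, GasUsed: 21_000}}, feePerGas, cost)
		fmt.Printf("limit=%d est=%s realized=%s passed=%t profitable=%t\n",
			limit, a.Estimated, a.Realized, a.PassedCheck, a.Profitable)
	}
}
```

A batch where `PassedCheck` is true and `Profitable` is false is one that the limit-based estimate accepted at a loss.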
