From 2b5675a91dd73593eb447b9434b4e9135f1b177f Mon Sep 17 00:00:00 2001 From: PG Herveou Date: Fri, 10 Jan 2025 16:30:54 +0100 Subject: [PATCH] Update prdoc/pr_6689.prdoc --- prdoc/pr_6689.prdoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/prdoc/pr_6689.prdoc b/prdoc/pr_6689.prdoc index 596713e1ca2d..f2a7cebfbf37 100644 --- a/prdoc/pr_6689.prdoc +++ b/prdoc/pr_6689.prdoc @@ -3,7 +3,7 @@ doc: - audience: Runtime Dev description: |- Update the current approach to attach the `ref_time`, `pov` and `deposit` parameters to an Ethereum transaction. - Previously we will pass these 3 parameters along with the signed payload, and check that the fees resulting from `gas x gas_price` match the actual fees paid by the user for the extrinsic. +Previously, these three parameters were passed along with the signed payload, and the fees resulting from gas × gas_price were checked to ensure they matched the actual fees paid by the user for the extrinsic This approach unfortunately can be attacked. A malicious actor could force such a transaction to fail by injecting low values for some of these extra parameters as they are not part of the signed payload.