Hardcoded Gas Values
Detects hardcoded gas stipends and gas limits that break when EVM gas costs change across hard forks or L2 environments.
Overview
The hardcoded gas detector identifies contracts that use fixed gas values in external calls (call{gas: 2300}, transfer(), send()), gas comparisons, or explicit gas calculations. These values become incorrect when EVM opcode costs change across hard forks (Istanbul, Berlin, Shanghai) or when contracts are deployed on L2s with different gas pricing.
Why This Is an Issue
The Istanbul hard fork (2019) increased SLOAD cost from 200 to 800 gas, breaking contracts that relied on the 2300 gas stipend provided by transfer() and send(). Receiver contracts with storage reads in their receive() function began reverting. The Berlin hard fork introduced cold/warm storage access cost differentiation, further changing gas dynamics.
On L2 rollups, gas costs differ significantly from L1. Hardcoded gas values calibrated for L1 may provide too little gas on some L2s or waste gas on others.
How to Resolve
// Before: Hardcoded 2300 gas stipend
function sendETH(address to) external {
    payable(to).transfer(1 ether); // Only 2300 gas -- may fail post-Istanbul
}

// After: Forward all available gas
function sendETH(address to) external {
    // Forwards remaining gas, so the recipient can reenter this contract:
    // complete all state updates before making this call.
    (bool success, ) = to.call{value: 1 ether}("");
    require(success, "ETH transfer failed");
}
Examples
Sample Sigvex Output
{
  "detector_id": "hardcoded-gas",
  "severity": "medium",
  "confidence": 0.85,
  "description": "External call at offset 0x6c uses hardcoded gas limit of 2300 (transfer/send pattern). Post-Istanbul, receiver contracts with storage operations will fail.",
  "location": { "function": "sendETH(address)", "offset": 108 }
}
Detection Methodology
- Gas parameter extraction: Identifies CALL opcodes where the gas parameter is a constant rather than computed from gasleft().
- Known value matching: Flags 2300 (transfer/send stipend), 0 (no gas), and other common hardcoded values.
- Pattern classification: Distinguishes between transfer() pattern (2300), explicit call{gas: N}, and assembly call(gas, ...).
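The gas parameter extraction step above, sketched as an added example (not Sigvex's implementation): a linear scan over EVM bytecode that tracks pushed constants on a small abstract stack and reports CALL-family opcodes whose gas operand is a literal rather than the result of GAS. It assumes straight-line code, models only PUSH, DUP, SWAP, POP and GAS, and treats every other opcode (including arithmetic on the gas operand) as making the stack unknown; the function name and the sample bytecode are constructed for illustration.

```python
# Added example: flag CALL-family opcodes whose gas operand is a pushed constant.
GAS, POP, PUSH0 = 0x5A, 0x50, 0x5F
CALLS = {0xF1: ("CALL", 7), 0xF2: ("CALLCODE", 7),      # name, operands popped
         0xF4: ("DELEGATECALL", 6), 0xFA: ("STATICCALL", 6)}

def find_constant_gas_calls(code: bytes):
    """Return [(offset, opcode_name, gas_constant)] for calls with constant gas."""
    stack, findings, pc = [], [], 0   # entries: int constant, or None = unknown
    while pc < len(code):
        op = code[pc]
        if op == PUSH0:
            stack.append(0)
        elif 0x60 <= op <= 0x7F:                  # PUSH1..PUSH32: skip immediate
            n = op - 0x5F
            data = code[pc + 1:pc + 1 + n].ljust(n, b"\x00")
            stack.append(int.from_bytes(data, "big"))
            pc += n
        elif op == GAS:                           # gasleft(): not a constant
            stack.append(None)
        elif op == POP:
            if stack:
                stack.pop()
        elif 0x80 <= op <= 0x8F:                  # DUP1..DUP16
            n = op - 0x7F
            stack.append(stack[-n] if len(stack) >= n else None)
        elif 0x90 <= op <= 0x9F:                  # SWAP1..SWAP16
            n = op - 0x8F
            if len(stack) > n:
                stack[-1], stack[-1 - n] = stack[-1 - n], stack[-1]
            else:
                stack.clear()                     # reaches below what we track
        elif op in CALLS:
            name, argc = CALLS[op]
            gas = stack[-1] if stack else None    # gas is the top-of-stack operand
            if gas is not None:
                findings.append((pc, name, gas))
            del stack[-argc:]
            stack.append(None)                    # success flag pushed by the call
        else:
            stack.clear()                         # unmodelled opcode: forget all
        pc += 1
    return findings

# Constructed sample: one call with literal gas 2300, then one forwarding GAS.
SAMPLE = bytes.fromhex("5f5f5f5f6001" "33" "6108fc" "f1" "50"
                       "5f5f5f5f6001" "33" "5a" "f1" "50")

if __name__ == "__main__":
    for offset, name, gas in find_constant_gas_calls(SAMPLE):
        print(f"{name} at offset {offset:#x} uses constant gas {gas}")
```

Because unmodelled opcodes clear the tracked stack, the scan under-reports rather than guesses; a production detector needs control-flow recovery and a full stack-effect table.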
Limitations
- Some hardcoded gas values are intentional (e.g., limiting gas to prevent reentrancy in specific contexts).
- Cannot predict future hard fork gas cost changes.
Related Detectors
- Gas Griefing — gas griefing attacks
- Gas Optimization — gas optimization opportunities
- L2 Rollup — L2-specific gas pricing issues