feat: limit permissionless generic call gas usage

Author: mpetrun5

contracts/handlers/PermissionlessGenericHandler.sol

@@ -143,6 +143,7 @@ contract PermissionlessGenericHandler is IHandler {
           executeFuncSignature(address executionDataDepositor, uint[] uintArray, address addr)
      */
     function executeProposal(bytes32 resourceID, bytes calldata data) external onlyBridge returns (bytes memory) {
+        uint256        maxFee;
         uint16         lenExecuteFuncSignature;
         bytes4         executeFuncSignature;
         uint8          lenExecuteContractAddress;
@@ -151,6 +152,7 @@ contract PermissionlessGenericHandler is IHandler {
         address        executionDataDepositor;
         bytes   memory executionData;
 
+        maxFee                            = uint256(bytes32(data[0:32]));
         lenExecuteFuncSignature           = uint16(bytes2(data[32:34]));
         executeFuncSignature              = bytes4(data[34:34 + lenExecuteFuncSignature]);
         lenExecuteContractAddress         = uint8(bytes1(data[34 + lenExecuteFuncSignature:35 + lenExecuteFuncSignature]));
@@ -160,7 +162,7 @@ contract PermissionlessGenericHandler is IHandler {
         executionData                     = bytes(data[36 + lenExecuteFuncSignature + lenExecuteContractAddress + lenExecutionDataDepositor:]);
 
         bytes memory callData = abi.encodePacked(executeFuncSignature, abi.encode(executionDataDepositor), executionData);
-        (bool success, bytes memory returndata) = executeContractAddress.call(callData);
+        (bool success, bytes memory returndata) = executeContractAddress.call{gas: maxFee}(callData);
         return abi.encode(success, returndata);
     }
 }

test/handlers/generic/permissionlessExecuteProposal.js

@@ -226,6 +226,74 @@ contract(
       );
     });
 
+    it("ProposalExecution should be emitted even if gas specified too small", async () => {
+      const num = 6;
+      const addresses = [BridgeInstance.address, TestStoreInstance.address];
+      const message = Ethers.utils.hexlify(Ethers.utils.toUtf8Bytes("message"));
+      const executionData = Helpers.abiEncode(["uint", "address[]", "bytes"], [num, addresses, message]);
+
+      // If the target function accepts (address depositor, bytes executionData)
+      // then this helper can be used
+      const preparedExecutionData = await TestDepositInstance.prepareDepositData(executionData);
+      const depositFunctionSignature = Helpers.getFunctionSignature(
+        TestDepositInstance,
+        "executePacked"
+      );
+      const tooSmallGas = 500;
+      const depositData = Helpers.createPermissionlessGenericDepositData(
+        depositFunctionSignature,
+        TestDepositInstance.address,
+        tooSmallGas,
+        depositorAddress,
+        preparedExecutionData
+      );
+      const proposal = {
+        originDomainID: originDomainID,
+        depositNonce: expectedDepositNonce,
+        data: depositData,
+        resourceID: resourceID,
+      };
+      const proposalSignedData = await Helpers.signTypedProposal(
+        BridgeInstance.address,
+        [proposal]
+      );
+
+      // relayer1 executes the proposal
+      const executeTx = await BridgeInstance.executeProposal(
+        proposal,
+        proposalSignedData,
+        {from: relayer1Address}
+      );
+      // check that ProposalExecution event is emitted
+      TruffleAssert.eventEmitted(executeTx, "ProposalExecution", (event) => {
+        return (
+          event.originDomainID.toNumber() === originDomainID &&
+          event.depositNonce.toNumber() === expectedDepositNonce 
+        );
+      });
+
+      // check that deposit nonce isn't unmarked as used in bitmap
+      assert.isTrue(
+        await BridgeInstance.isProposalExecuted(
+          originDomainID,
+          expectedDepositNonce
+        )
+      );
+
+      const internalTx = await TruffleAssert.createTransactionResult(
+        TestDepositInstance,
+        executeTx.tx
+      );
+      TruffleAssert.eventNotEmitted(internalTx, "TestExecute", (event) => {
+        return (
+          event.depositor === depositorAddress &&
+          event.num.toNumber() === num &&
+          event.addr === TestStoreInstance.address &&
+          event.message === message
+        );
+      });
+    });
+
     it("call with packed depositData should be successful", async () => {
       const num = 5;
       const addresses = [BridgeInstance.address, TestStoreInstance.address];