In the membership module the add_staking_account_candidate does not require a deposit for adding a staking account to a membership. Since the membership account is stored on-chain, an attacker could use this extrinsic to exhaust the storage of the blockchain.
Issue
In the membership module the add_staking_account_candidate has the following issues:
Anyone may call this extrinsic without even being a member.
There is no upper limit for the number of staking account candidates that can be added for a membership
Calling this extrinsic is cheap since no deposit is required.
Therefore, although each account can only call this extrinsic once, an attacker may create many accounts and call this extrinsic using each of these accounts and consequently fill up the blockchain storage.
Risk
This issue would allow an attacker to fill up the blockchain storage by adding arbitrary number of staking candidate accounts to memberships. A full storage is problematic because it could lead to an infeasible amount of storage being required to run a blockchain node.
Since anyone can call this extrinsic without much effort and fill up the blockchain storage cheaply, we consider this issue being of high severity.
Mitigation
We suggest to require a deposit for adding a staking account candidate to a membership or alternatively, limit the number of staking account candidates that can be added, to prevent attackers from filling up the blockchain storage.
Summary
In the
membership
module theadd_staking_account_candidate
does not require a deposit for adding a staking account to a membership. Since the membership account is stored on-chain, an attacker could use this extrinsic to exhaust the storage of the blockchain.Issue
In the
membership
module theadd_staking_account_candidate
has the following issues:Therefore, although each account can only call this extrinsic once, an attacker may create many accounts and call this extrinsic using each of these accounts and consequently fill up the blockchain storage.
Risk
This issue would allow an attacker to fill up the blockchain storage by adding arbitrary number of staking candidate accounts to memberships. A full storage is problematic because it could lead to an infeasible amount of storage being required to run a blockchain node.
Since anyone can call this extrinsic without much effort and fill up the blockchain storage cheaply, we consider this issue being of high severity.
Mitigation
We suggest to require a deposit for adding a staking account candidate to a membership or alternatively, limit the number of staking account candidates that can be added, to prevent attackers from filling up the blockchain storage.