mitsuaki-u
commented
1 year ago Refer to: Issue # 116 on lisk-db for updates to Sparse Merkle Tree interface
Closed ishantiw closed 1 year ago
mitsuaki-u
commented
1 year ago Refer to: Issue # 116 on lisk-db for updates to Sparse Merkle Tree interface
Description
Due to a lack of validation, the
InitializeMessageRecoveryCommandcan receive the params.channel parameter as an empty string. An empty string on the value field of a query, makes theSparseMerkleTree's verifymethod perform a non-inclusion proof instead of an inclusion proof. So, by providing the empty string for params.channel, a user can prove that there exists a channel between the terminated chain and the chain receiving the message on the terminated chain's stateRoot, when one does not exist (technically the user proves that it does not exist, but the valid boolean will return true).https://github.com/LiskHQ/lisk-sdk/blob/89e7504ef5eb6183aefe576a93be3d6052e56038/framework/src/modules/interoperability/mainchain/commands/initialize_message_recovery.ts#L112-L122
This finding is of informational severity because while it bypasses the goal of the command's verification, the execute method will fail on
codec.decode<ChannelData>(channelSchema, params.channel)becauseparam.channelis an empty string and cannot be decoded. It is, however, a reminder that it may be a bad design choice to have theSparseMerkleTree's verifyfunction support both inclusion and non-inclusion proofs depending on the query value.Affected version
v6.0.0-beta.2