Open code423n4 opened 3 years ago
Valid issue, but with zero probability. Since there is nothing on the module side that currently triggers arbitrary logic.
Despite the fact that it can't currently happen this is still a good report.
reopening as per judges assessment as "primary issue" on findings sheet
Handle
nascent
Vulnerability details
Severity: Medium Likelihood: High
In
eth_oracle_main_loop
,get_last_checked_block
is called. Followed by:and may hit the code path:
But will panic at
from_log
here:It can/will also be triggered here in
check_for_events
:Attestations will be frozen until patched.
Recommendation
Implement the method.
Recommended Mitigation Steps