Open code423n4 opened 2 years ago
This is valid. Dealing with nonces as big-ints is something of a pain, and it's reasonable to not expect these values to go over u64 max. I believe with nonce increase limitations as described in #32 this can be mitigated.
Low risk since this is very costly/impractical to make happen
reopening as per judges assessment as "primary issue" on findings sheet
Handle
nascent
Vulnerability details
[M-01] Downcasting Can Freeze The Chain
Severity: Medium Likelihood: Low
The function utils::downcast_uint256() -> Option<u64> returns None if the input value is greater than U64MAX. If the value being downcast is read from a contract (e.g. a nonce), and the contract could be put into such a state where a Uint256 is set to a higher value, this will cause all nodes to halt execution upon reading this value, requiring a patch to reenable the bridge.
Recommendation
Change the signature of downcast_uint256() to return a Result<>, and/or remove any unwrap()s of the result.
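A sketch of the recommendation above, added here as an illustration and not taken from the project's code base or from the report's author: the downcast returns a Result, and the caller handles an oversized value instead of calling unwrap() on it. The 32-byte big-endian Word type standing in for Uint256, the DowncastError enum, and the latest_nonce and word_from_u128 helpers are all assumptions made for the example.

```rust
/// Stand-in for a Uint256 read from a contract: one 32-byte big-endian word (assumption).
pub type Word = [u8; 32];

#[derive(Debug, PartialEq)]
pub enum DowncastError {
    /// The value does not fit in a u64; records the first non-zero high byte.
    Overflow { first_nonzero_byte: usize },
}

/// Result-returning downcast: never panics, the caller decides what to do.
pub fn downcast_uint256(word: &Word) -> Result<u64, DowncastError> {
    // Any non-zero byte in the upper 24 bytes means the value exceeds u64::MAX.
    if let Some(i) = word[..24].iter().position(|b| *b != 0) {
        return Err(DowncastError::Overflow { first_nonzero_byte: i });
    }
    let mut low = [0u8; 8];
    low.copy_from_slice(&word[24..]);
    Ok(u64::from_be_bytes(low))
}

/// Hypothetical caller: returns the highest usable nonce in a batch and the
/// list of rejected values, so one oversized word cannot halt processing.
pub fn latest_nonce(words: &[Word]) -> (Option<u64>, Vec<DowncastError>) {
    let mut latest: Option<u64> = None;
    let mut rejected = Vec::new();
    for w in words {
        match downcast_uint256(w) {
            Ok(n) => latest = latest.max(Some(n)),
            Err(e) => rejected.push(e), // report or log instead of unwrap()
        }
    }
    (latest, rejected)
}

/// Builds a constructed sample word from a u128 (test helper).
pub fn word_from_u128(v: u128) -> Word {
    let mut w = [0u8; 32];
    w[16..].copy_from_slice(&v.to_be_bytes());
    w
}

fn main() {
    // Constructed sample input: two valid nonces and one value of u64::MAX + 1.
    let words = [
        word_from_u128(7),
        word_from_u128(u64::MAX as u128 + 1),
        word_from_u128(42),
    ];
    let (latest, rejected) = latest_nonce(&words);
    println!("latest={:?} rejected={:?}", latest, rejected);
}
```

Whether an oversized value should be skipped, as here, or should stop the affected operation with an error is a design decision for the caller; the point is that the decision is explicit rather than a panic.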