Closed code423n4 closed 2 years ago
This is a good bug report highlighting a real oversight. We do check that all validator powers add up to the expected amount on the Gravity module side but there's no reason not to perform that same check on this side.
I would describe this bug as high risk but low probability since it would require this normalization code to fail as well.
Semi duplicate in #51 which also describes this issue.
Duplicate of #37
Handle
shw
Vulnerability details
Impact
The updateValset function does not check whether the new valset has sufficient power to pass a vote (see the constructor for more details). If the new valset does not, any function calling checkValidatorSignatures will be disabled (since the transaction reverts).
Proof of Concept
Referenced code: Gravity.sol#L224 Gravity.sol#L584-L590
Recommended Mitigation Steps
Add a check to ensure that the total power of the new valset is at least the power threshold.
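A sketch of the recommended check, added here as an illustration and not taken from Gravity.sol or from the report. The contract, struct, error and function names are assumptions, and the strict `>` comparison is an assumption as well: it should match whatever comparison the signature check applies against the threshold.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Illustrative model only, not the Gravity.sol source. All names are assumptions.
abstract contract ValsetPowerGuard {
    struct Valset {
        address[] validators;
        uint256[] powers;
        uint256 nonce;
    }

    uint256 public powerThreshold;
    uint256 public lastValsetNonce;
    bytes32 public lastValsetCheckpoint;

    error MalformedValset(uint256 validators, uint256 powers);
    error StaleNonce(uint256 given, uint256 current);
    error InsufficientPower(uint256 total, uint256 threshold);

    constructor(uint256 _powerThreshold) {
        powerThreshold = _powerThreshold;
    }

    // Reverts unless the set's cumulative power can clear the vote threshold.
    // Assumption: strict '>' mirrors the comparison used when signatures are checked.
    function _requireSufficientPower(Valset memory v) internal view {
        if (v.validators.length != v.powers.length) {
            revert MalformedValset(v.validators.length, v.powers.length);
        }
        uint256 total = 0;
        for (uint256 i = 0; i < v.powers.length; i++) {
            total += v.powers[i];
            if (total > powerThreshold) return; // enough power, stop early
        }
        revert InsufficientPower(total, powerThreshold);
    }

    // To be called by the update path only after the current valset's
    // signatures over the new set have been verified.
    function _acceptValset(Valset memory next) internal {
        if (next.nonce <= lastValsetNonce) revert StaleNonce(next.nonce, lastValsetNonce);
        // The added check: refuse a set that could never pass a later vote,
        // instead of storing it and making every signed call revert.
        _requireSufficientPower(next);
        lastValsetNonce = next.nonce;
        lastValsetCheckpoint = keccak256(abi.encode(next.validators, next.powers, next.nonce));
    }
}
```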