jkilpatr
commented
2 years ago This is a reasonable consequence of #6
I consider it medium risk because it reduces the number of relayers active, not because of the reward assignment
Open code423n4 opened 3 years ago
jkilpatr
commented
2 years ago This is a reasonable consequence of #6
I consider it medium risk because it reduces the number of relayers active, not because of the reward assignment
loudoguno
commented
2 years ago reopening as per judges assessment as "primary issue" on findings sheet
Handle
nascent
Vulnerability details
"Large Validator Sets/Rapid Validator Set Updates May Freeze the Bridge or Relayer" can affect just the relayers & not affect the oracle in certain circumstances. This could result in valid attestations, but prevent any of the other relayers from being able to participate in the execution. While the other relayers are down from the other attack, the attacker can win all batch, logic, and valset rewards as their node is the only relayer running. This is possible because
find_latest_valsetis run in the main relayer loop and everytime tries for 5000 blocks of logs.