The signature of a validator is time bound of which after the expiration period the transaction becomes invalid, a malicious user might notice a time bound transaction made by the sub account and decide to block stuff the network until the validator signature becomes invalid, which in turn invalids the entire transaction.
This is a serious problem because stuffing a whole block with dummy transactions is very cheap on Binance Smart Chain. According to https://www.cryptoneur.xyz/en/gas-fees-calculator, 15M gas - whole block - costs $14~$15 on BSC. Because BSC is a centralized blockchain, there are no private mempools and bribes directly to the miners (like in FlashBots); hence, other users are very limited concerning the prohibitive actions.
Proof of Concept
// Ensure transaction has not expired
if (expiryEpoch < uint32(block.timestamp)) {
revert TxnExpired(expiryEpoch);
}
Validator signatures are time bound, so malicious user can terminate transactions at will on affected chain.
Tools Used
Manual
Recommended Mitigation Steps
Make the validation expiration window wide enough (yet safe) that it makes block stuffing a transaction unprofitable.
Lines of code
https://github.com/code-423n4/2023-10-brahma/blob/dd0b41031b199a0aa214e50758943712f9f574a0/contracts/src/core/PolicyValidator.sol#L100-L142
Vulnerability details
Impact
The signature of a validator is time bound of which after the expiration period the transaction becomes invalid, a malicious user might notice a time bound transaction made by the sub account and decide to block stuff the network until the validator signature becomes invalid, which in turn invalids the entire transaction.
This is a serious problem because stuffing a whole block with dummy transactions is very cheap on Binance Smart Chain. According to https://www.cryptoneur.xyz/en/gas-fees-calculator, 15M gas - whole block - costs $14~$15 on BSC. Because BSC is a centralized blockchain, there are no private mempools and bribes directly to the miners (like in FlashBots); hence, other users are very limited concerning the prohibitive actions.
Proof of Concept
Validator signatures are time bound, so malicious user can terminate transactions at will on affected chain.
Tools Used
Manual
Recommended Mitigation Steps
Make the validation expiration window wide enough (yet safe) that it makes block stuffing a transaction unprofitable.
Assessed type
Timing