search

code-423n4 / 2023-10-brahma-findings

8 stars 7 forks source link

A malicious actor can Block stuff the chain until the validator signature expires. #443

Closed c4-submissions closed 1 year ago

c4-submissions commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-10-brahma/blob/dd0b41031b199a0aa214e50758943712f9f574a0/contracts/src/core/PolicyValidator.sol#L100-L142

Vulnerability details

Impact

The signature of a validator is time bound of which after the expiration period the transaction becomes invalid, a malicious user might notice a time bound transaction made by the sub account and decide to block stuff the network until the validator signature becomes invalid, which in turn invalids the entire transaction.

This is a serious problem because stuffing a whole block with dummy transactions is very cheap on Binance Smart Chain. According to https://www.cryptoneur.xyz/en/gas-fees-calculator, 15M gas - whole block - costs $14~$15 on BSC. Because BSC is a centralized blockchain, there are no private mempools and bribes directly to the miners (like in FlashBots); hence, other users are very limited concerning the prohibitive actions.

Proof of Concept

    // Ensure transaction has not expired
    if (expiryEpoch < uint32(block.timestamp)) {
        revert TxnExpired(expiryEpoch);
    }

Validator signatures are time bound, so malicious user can terminate transactions at will on affected chain.

Tools Used

Manual

Recommended Mitigation Steps

Make the validation expiration window wide enough (yet safe) that it makes block stuffing a transaction unprofitable.

Assessed type

Timing

c4-pre-sort commented 1 year ago

raymondfam marked the issue as low quality report

c4-pre-sort commented 1 year ago

raymondfam marked the issue as duplicate of #317

c4-judge commented 12 months ago

alex-ppg marked the issue as unsatisfactory: Invalid