A malicious node(observer) can add an invalid InTxTracker for a DoS attack.
Proof of Concept
In Permissionless Tx Validation Model,
admin and observer can add InTxTracker without verifying proof
However, if an observer adds the wrong InTxTracker, other clients(observers) will still obtain and process the InTxTracker.
The client/observer will query the transaction according to TxHash, and then try to parse the transaction log. If the parsing fails, the client will not do anything else, and the invalid InTxTracker will not be deleted.
InTxTracker is deleted only after the CCTX is successfully created.
In this way, the faulty InTxTracker will continue to be retrieved by the client/observer and will continue to be unsuccessfully processed.
A malicious node(observer) can add a large number of invalid InTxTrackers, launching a DoS attack on the network and slowing it down.
Tools Used
vscode manual
Recommended Mitigation Steps
- if !(isAdmin || isObserver) && msg.Proof != nil {
+ if !isAdmin && msg.Proof != nil {
....
}
Lines of code
https://github.com/code-423n4/2023-11-zetachain/blob/b237708ed5e86f12c4bddabddfd42f001e81941a/repos/node/x/crosschain/keeper/msg_server_add_to_intx_tracker.go#L15
Vulnerability details
Impact
A malicious node(observer) can add an invalid
InTxTracker
for a DoS attack.Proof of Concept
In Permissionless Tx Validation Model, admin and observer can add
InTxTracker
without verifying proofHowever, if an observer adds the wrong InTxTracker, other clients(observers) will still obtain and process the InTxTracker. The client/observer will query the transaction according to TxHash, and then try to parse the transaction log. If the parsing fails, the client will not do anything else, and the invalid
InTxTracker
will not be deleted.InTxTracker
is deleted only after the CCTX is successfully created.In this way, the
faulty InTxTracker
will continue to be retrieved by the client/observer and will continue to be unsuccessfully processed.A malicious node(observer) can add a large number of
invalid InTxTrackers
, launching a DoS attack on the network and slowing it down.Tools Used
vscode manual
Recommended Mitigation Steps
Assessed type
DoS