code-423n4 / 2023-11-zetachain-findings

0 stars 0 forks source link

Malicious nodes(observer) can add invalid InTxTracker #232

Closed c4-bot-2 closed 11 months ago

c4-bot-2 commented 12 months ago

Lines of code

https://github.com/code-423n4/2023-11-zetachain/blob/b237708ed5e86f12c4bddabddfd42f001e81941a/repos/node/x/crosschain/keeper/msg_server_add_to_intx_tracker.go#L15

Vulnerability details

Impact

A malicious node(observer) can add an invalid InTxTracker for a DoS attack.

Proof of Concept

In Permissionless Tx Validation Model, admin and observer can add InTxTracker without verifying proof

However, if an observer adds the wrong InTxTracker, other clients(observers) will still obtain and process the InTxTracker. The client/observer will query the transaction according to TxHash, and then try to parse the transaction log. If the parsing fails, the client will not do anything else, and the invalid InTxTracker will not be deleted. InTxTracker is deleted only after the CCTX is successfully created.

In this way, the faulty InTxTracker will continue to be retrieved by the client/observer and will continue to be unsuccessfully processed.

A malicious node(observer) can add a large number of invalid InTxTrackers, launching a DoS attack on the network and slowing it down.

Tools Used

vscode manual

Recommended Mitigation Steps

-   if !(isAdmin || isObserver) && msg.Proof != nil {
+   if !isAdmin && msg.Proof != nil {
        ....
    }

Assessed type

DoS

c4-pre-sort commented 11 months ago

DadeKuma marked the issue as insufficient quality report

c4-judge commented 11 months ago

0xean marked the issue as unsatisfactory: Insufficient proof