code-423n4 / 2024-02-hydradx-findings


Several important vulnerabilities are found in Crates #160

Closed c4-bot-3 closed 6 months ago

c4-bot-3 commented 6 months ago

Lines of code

https://github.com/code-423n4/2024-02-hydradx/blob/main/HydraDX-node/Cargo.toml#L1

Vulnerability details

Tools Used

Cargo Audit

Proof of Concept

After using cargo-audit, some important vulnerabilities were discovered. I recommend running cargo-audit to see all vulnerabilities and warnings.


Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)

An attacker with an HTTP/2 connection to an affected endpoint can send a steady stream of invalid frames to force the generation of reset frames on the victim endpoint. By closing their recv window, the attacker could then force these resets to be queued in an unbounded fashion, resulting in Out Of Memory (OOM) and high CPU usage. - Reference

Recommendation

Upgrade to ^0.3.24 OR >=0.4.2


Multiple issues involving quote API - Reference

Recommendation

Upgrade to >=1.3.0


Unauthenticated Nonce Increment in snow

There was a logic bug where unauthenticated payloads could still cause a nonce increment in snow's internal state. For an attacker with privileges to inject packets into the channel over which the Noise session operates, this could allow a denial-of-service attack which could prevent message delivery by sending garbage data. - Reference

Recommendation

Upgrade to >=0.9.5

Assessed type

Other

0xRobocop commented 6 months ago

Seems QA

c4-pre-sort commented 6 months ago

0xRobocop marked the issue as insufficient quality report

c4-pre-sort commented 6 months ago

0xRobocop marked the issue as primary issue

OpenCoreCH commented 6 months ago

Invalid, just pasting the output without checking it does not provide any value. For instance, vulnerabilities in h2 definitely do not apply to smart contracts, but to some dev dependencies that use this package.

c4-judge commented 6 months ago

OpenCoreCH marked the issue as unsatisfactory: Invalid
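The report above recommends running cargo-audit, and the judge's response is that the flagged h2 advisory reaches the project only through dev dependencies. The triage step that bridges those two positions is to cross-reference each cargo-audit finding against the dependency graph and ask whether the vulnerable crate is reachable from the workspace over normal (runtime) edges or only over `dev`/`build` edges. The script below is an added example written for this page, not code from the report, from the HydraDX project, or from cargo-audit itself. It assumes the JSON shapes of `cargo audit --json` (a `vulnerabilities.list` of entries with `advisory`, `versions.patched` and `package`) and `cargo metadata --format-version 1` (`workspace_members` plus `resolve.nodes` with `deps[].dep_kinds[].kind`, where `null` is a normal dependency). The workspace, the crate versions, the `hyper` edge and the RUSTSEC ids are constructed placeholders; only the advisory titles and patched ranges come from the report.

```python
"""Classify cargo-audit findings as runtime-reachable or dev/build-only.

Added example for this issue thread, not project code.  Inputs are constructed
samples that mimic `cargo audit --json` and `cargo metadata --format-version 1`.
"""
import json
from collections import deque

REGISTRY = "registry+https://github.com/rust-lang/crates.io-index"
APP = "app 0.1.0 (path+file:///ws/app)"      # constructed workspace crate
HYPER = f"hyper 0.14.28 ({REGISTRY})"        # constructed: only a dev-dependency
H2 = f"h2 0.3.22 ({REGISTRY})"               # constructed vulnerable version
SNOW = f"snow 0.9.4 ({REGISTRY})"            # constructed vulnerable version

# Constructed sample in the shape of `cargo metadata --format-version 1`.
# `dep_kinds[].kind` is null for a normal edge, "dev" or "build" otherwise.
CARGO_METADATA = json.dumps({
    "workspace_members": [APP],
    "resolve": {"nodes": [
        {"id": APP, "deps": [
            {"name": "snow", "pkg": SNOW, "dep_kinds": [{"kind": None, "target": None}]},
            {"name": "hyper", "pkg": HYPER, "dep_kinds": [{"kind": "dev", "target": None}]},
        ]},
        {"id": HYPER, "deps": [
            {"name": "h2", "pkg": H2, "dep_kinds": [{"kind": None, "target": None}]},
        ]},
        {"id": H2, "deps": []},
        {"id": SNOW, "deps": []},
    ]},
})

# Constructed sample in the shape of `cargo audit --json`; advisory ids are
# placeholders, titles and patched ranges are those quoted in the report.
CARGO_AUDIT = json.dumps({"vulnerabilities": {"found": True, "count": 2, "list": [
    {"advisory": {"id": "RUSTSEC-0000-0001", "package": "h2",
                  "title": "Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)"},
     "versions": {"patched": ["^0.3.24", ">=0.4.2"]},
     "package": {"name": "h2", "version": "0.3.22"}},
    {"advisory": {"id": "RUSTSEC-0000-0002", "package": "snow",
                  "title": "Unauthenticated Nonce Increment in snow"},
     "versions": {"patched": [">=0.9.5"]},
     "package": {"name": "snow", "version": "0.9.4"}},
]}})


def pkg_name_version(pkg_id):
    """'h2 0.3.22 (registry+...)' -> ('h2', '0.3.22')."""
    name, version = pkg_id.split(" ", 2)[:2]
    return name, version


def reachable(nodes, roots, kinds):
    """Package ids reachable from `roots` following only edges whose dep_kinds
    contain one of `kinds` (None = normal/runtime, 'dev', 'build')."""
    seen = set(roots)
    queue = deque(roots)
    while queue:
        node = nodes.get(queue.popleft(), {"deps": []})
        for dep in node["deps"]:
            follow = any(dk["kind"] in kinds for dk in dep["dep_kinds"])
            if follow and dep["pkg"] not in seen:
                seen.add(dep["pkg"])
                queue.append(dep["pkg"])
    return seen


def triage(audit_json, metadata_json):
    """Attach a 'scope' to every finding: runtime, dev/build-only, or not-in-graph."""
    audit = json.loads(audit_json)
    meta = json.loads(metadata_json)
    nodes = {n["id"]: n for n in meta["resolve"]["nodes"]}
    roots = meta["workspace_members"]
    runtime = reachable(nodes, roots, {None})
    anything = reachable(nodes, roots, {None, "dev", "build"})
    results = []
    for vuln in audit["vulnerabilities"].get("list", []):
        name, version = vuln["package"]["name"], vuln["package"]["version"]
        matches = [pid for pid in nodes if pkg_name_version(pid) == (name, version)]
        if any(pid in runtime for pid in matches):
            scope = "runtime"            # shipped in the built artefact: fix it
        elif any(pid in anything for pid in matches):
            scope = "dev/build-only"     # affects tooling/tests, not the runtime
        else:
            scope = "not-in-graph"       # lockfile drift: regenerate and re-check
        results.append({"advisory": vuln["advisory"]["id"],
                        "package": f"{name} {version}",
                        "scope": scope,
                        "patched": vuln["versions"]["patched"]})
    return results


def runtime_findings(results):
    """Advisory ids worth failing a CI gate on."""
    return [r["advisory"] for r in results if r["scope"] == "runtime"]


if __name__ == "__main__":
    for r in triage(CARGO_AUDIT, CARGO_METADATA):
        print(f"{r['advisory']:<18} {r['package']:<14} {r['scope']:<15} patched: {', '.join(r['patched'])}")
```

With the constructed graph, the h2 finding is classified as dev/build-only (it is reached only through the `hyper` dev-dependency), while the snow finding is runtime-reachable and is the one a gate should block on. A crate that appears under both a normal and a dev edge is counted as runtime, since the normal path is what gets linked into the binary.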