Closed c4-bot-4 closed 3 months ago
141345 marked the issue as primary issue
141345 marked the issue as sufficient quality report
inconsistent implementation for untrusted_millis_since_unix_epoch()
clearly document in the Pink runtime documentation that
untrusted_millis_since_unix_epoch
within transactions might not provide a reliable timestamp
Yes, it is documented only work in query.
We always avoid to return Err
at the chain ext api level due the limitation of ink!
that let the contract revert rather than be able to catch the error.
There should be a higher level contract sdk wrapping this funstion to return Result::Err
in TX.
kvinwang (sponsor) disputed
OpenCoreCH marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2024-03-phala-network/blob/a01ffbe992560d8d0f17deadfb9b9a2bed38377e/phala-blockchain/crates/pink/runtime/src/runtime/extension.rs#L278
Vulnerability details
Proof of Concept
The Pink runtime framework employs
CallInQuery
andCallInCommand
structures for contract interaction within the runtime environment. These structures provide different implementations for theuntrusted_millis_since_unix_epoch
function, leading to potential security risks.Take a look at the following code snippets coined from
PinkExtension.rs
, sourceImpact
Evidently as hinted in Proof Of Concept:
This discrepancy can negatively impact applications that rely on timestamps within transactions:
Recommended Mitigation Steps
Always error out since this is not supported within transactions instead of returning 0, or clearly document in the Pink runtime documentation that
untrusted_millis_since_unix_epoch
within transactions might not provide a reliable timestamp.Assessed type
Context