Lack of Access Control could lead to causing outrageous gas prices to be set

[c4-bot-1]

Lines of code

https://github.com/code-423n4/2024-03-phala-network/blob/a01ffbe992560d8d0f17deadfb9b9a2bed38377e/phala-blockchain/crates/pink/runtime/src/runtime/pallet_pink.rs#L178-L192

Vulnerability details

Proof of Concept

Take a look at https://github.com/code-423n4/2024-03-phala-network/blob/a01ffbe992560d8d0f17deadfb9b9a2bed38377e/phala-blockchain/crates/pink/runtime/src/runtime/pallet_pink.rs#L178-L192

impl<T: Config> Pallet<T> {
  pub fn set_gas_price(price: BalanceOf<T>) {
    <GasPrice<T>>::put(price);
  }

  pub fn set_deposit_per_item(value: BalanceOf<T>) {
    <DepositPerItem<T>>::put(value);
  }

  // Similar functions exist for other storage items
}

These functions allow any account to modify the storage items by simply calling the corresponding function with the desired value. There are no checks to ensure the caller has the necessary privileges.

Impact

The provided Phala pallet contract lacks explicit access control mechanisms for modifying critical storage items like gas price, deposit values, and potentially others. This creates a security concern because any account interacting with the contract could potentially manipulate these values.

An attacker could exploit this lack of access control to:

• Disrupt System Functionality: By modifying the gas price or deposit values, an attacker could make it prohibitively expensive to execute legitimate transactions, effectively halting contract functionality.
• Gain Unfair Advantage: An attacker could potentially lower their own transaction costs by manipulating gas prices.

The severity of the impact depends on the specific use case and how these storage items are used within the Phala runtime.

Recommended Mitigation Steps

• Define roles within the Phala runtime (e.g., administrator, validator).
• Associate specific storage items with required roles.
• Modify the contract functions to perform authorization checks before modifying storage. These checks would verify if the caller has the necessary role associated with the storage item being modified.

Assessed type

Access Control

[c4-pre-sort]

141345 marked the issue as sufficient quality report

[141345]

seems invalid it is called in setup() when initialize the cluster

[kvinwang]

Only worker can call it.

[c4-sponsor]

kvinwang (sponsor) disputed

[c4-judge]

OpenCoreCH marked the issue as unsatisfactory: Invalid