Closed c4-bot-7 closed 3 months ago
141345 marked the issue as primary issue
141345 marked the issue as sufficient quality report
unhandled err could lead to panic
It returns an error only when the data of the underlying KVDB is corrupted. In this situation, panicking is the best choice rather than letting it keep running.
kvinwang (sponsor) disputed
Agree with the sponsor that panicking is the best possible behaviour in such an (unexpected) situation
OpenCoreCH marked the issue as nullified
OpenCoreCH marked the issue as unsatisfactory: Insufficient proof
OpenCoreCH marked the issue as nullified
Lines of code
https://github.com/code-423n4/2024-03-phala-network/blob/main/phala-blockchain/crates/pink/runtime/src/storage/mod.rs#L115-L119
Vulnerability details
Impact
This bug maybe cause the blockchain node panic
Proof of Concept
in this
get
function, it will accept a paramkey
and pass it intostorage(key)
function, which will returnResult<Option<StorageValue>, Self::Error>
, and call expect to extract theOption<StorageValue>
, however , It maybe returnErr
, which will make the blockchain node panichow can we get there? There is a extension function
code_exists
and the callstack will like
So If the storage is broken, we can call
code_exists
in query to cause the node panicTools Used
Manual Audit
Recommended Mitigation Steps
use match to handle error
Assessed type
DoS