c4-pre-sort
commented
3 months ago 141345 marked the issue as duplicate of #80
Closed c4-bot-2 closed 3 months ago
c4-pre-sort
commented
3 months ago 141345 marked the issue as duplicate of #80
c4-judge
commented
3 months ago OpenCoreCH marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2024-03-phala-network/blob/main/phala-blockchain/crates/pink/runtime/src/storage/external_backend.rs#L34
Vulnerability details
Impact
Detailed description of the impact of this finding. k[k.len() - 32.. k.len() can be less than 32.
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
impl CommitTransaction for ExternalBackend { fn commit_transaction(&mut self, root: Hash, mut transaction: BackendTransaction) {
let changes = transaction
.drain()
.into_iter()
@> .map(|(k, v)| (k[k.len() - 32..].to_vec(), v))
.collect();
OCallImpl.storage_commit(root, changes)
}
}
Tools Used
Recommended Mitigation Steps
check that k.len() > 32
Assessed type
Context