code-423n4 / 2024-03-phala-network-findings


Unchecked Storage Commitment #90

Closed c4-bot-8 closed 6 months ago

c4-bot-8 commented 6 months ago

Lines of code

https://github.com/code-423n4/2024-03-phala-network/blob/main/phala-blockchain/crates/pink/runtime/src/storage/mod.rs#L109-L112

Vulnerability details

The commit_changes function in the Storage struct commits storage changes to the backend without performing any checks on the validity of the changes. It blindly accepts and commits all changes from the overlay to the backend, potentially allowing malicious or unintended changes to be committed without proper validation.

Impact

This vulnerability could lead to unauthorized modifications of storage values or the introduction of incorrect data into the blockchain state. Attackers could exploit this vulnerability to manipulate contract states, bypass access controls, or disrupt the normal operation of the smart contract system.

Proof of Concept

// Suppose an attacker maliciously modifies storage values in the overlay.
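// The binding must be `mut` to stage writes; `set_storage` records key -> Some(value) in the overlay.
let mut malicious_changes = OverlayedChanges::default();
malicious_changes.set_storage(b"malicious_key".to_vec(), Some(b"malicious_value".to_vec()));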

// Commit the malicious changes without proper validation.
storage.commit_changes(malicious_changes);

Tools Used

Manual Review

Recommended Mitigation Steps

Input Validation: Implement thorough input validation mechanisms to ensure that only valid and authorized changes are committed to the backend storage.

Assessed type

Access Control

c4-pre-sort commented 6 months ago

141345 marked the issue as insufficient quality report

141345 commented 6 months ago

invalid overlay is from real tx

c4-judge commented 6 months ago

OpenCoreCH marked the issue as unsatisfactory: Invalid
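
The report asks for validation inside `commit_changes`, and the triage comment answers that the overlay comes from a real transaction. The following is an added, self-contained Rust model of that arrangement, not code from the Phala pink runtime or from this thread: the module `store`, the `Tx` type, `grant`, `execute` and the key-ownership rule are all assumptions made for illustration. It shows the authorization check running while a transaction executes and fills the overlay, so the commit step can apply the overlay as-is.

```rust
mod store {
    use std::collections::HashMap;
    /// Pending writes (`None` = delete). The field is private to this module.
    #[derive(Default)]
    pub struct Overlay { changes: HashMap<Vec<u8>, Option<Vec<u8>>> }

    /// Hypothetical transaction: `caller` asks to write `value` at `key`.
    pub struct Tx<'a> { pub caller: &'a str, pub key: &'a [u8], pub value: Option<&'a [u8]> }

    #[derive(Default)]
    pub struct Storage {
        backend: HashMap<Vec<u8>, Vec<u8>>,
        owners: HashMap<Vec<u8>, String>, // key -> account allowed to write it
    }
    impl Storage {
        pub fn grant(&mut self, key: &[u8], owner: &str) { self.owners.insert(key.to_vec(), owner.into()); }
        pub fn get(&self, key: &[u8]) -> Option<Vec<u8>> { self.backend.get(key).cloned() }
        /// Validation happens while the transaction executes: a write reaches
        /// the overlay only if the caller owns the key.
        pub fn execute(&self, tx: &Tx<'_>, ov: &mut Overlay) -> Result<(), &'static str> {
            match self.owners.get(tx.key) {
                Some(owner) if owner.as_str() == tx.caller => {
                    ov.changes.insert(tx.key.to_vec(), tx.value.map(|v| v.to_vec()));
                    Ok(())
                }
                _ => Err("caller may not write this key"),
            }
        }
        /// Same shape as the reported function: applies the overlay as-is.
        pub fn commit_changes(&mut self, ov: Overlay) {
            for (k, v) in ov.changes {
                match v { Some(v) => { self.backend.insert(k, v); } None => { self.backend.remove(&k); } }
            }
        }
    }
}

/// Constructed scenario: the owner's write commits, the other caller's does not.
pub fn demo() -> (bool, bool, Option<Vec<u8>>) {
    let mut s = store::Storage::default();
    s.grant(b"balance/alice", "alice");
    let mut ov = store::Overlay::default();
    let ok = s.execute(&store::Tx { caller: "alice", key: b"balance/alice", value: Some(&b"10"[..]) }, &mut ov);
    let bad = s.execute(&store::Tx { caller: "mallory", key: b"balance/alice", value: Some(&b"999"[..]) }, &mut ov);
    s.commit_changes(ov);
    (ok.is_ok(), bad.is_err(), s.get(b"balance/alice"))
}

fn main() { println!("{:?}", demo()); }
```

In this model the thing to review is every code path that can write into the overlay, since `commit_changes` trusts whatever it is handed.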