The commit_changes function in the Storage struct commits storage changes to the backend without performing any checks on the validity of the changes. It blindly accepts and commits all changes from the overlay to the backend, potentially allowing malicious or unintended changes to be committed without proper validation.
Impact
This vulnerability could lead to unauthorized modifications of storage values or the introduction of incorrect data into the blockchain state. Attackers could exploit this vulnerability to manipulate contract states, bypass access controls, or disrupt the normal operation of the smart contract system.
Proof of Concept
// Suppose an attacker maliciously modifies storage values in the overlay.
// The binding must be `mut` to be modified; OverlayedChanges records a write with set_storage.
let mut malicious_changes = OverlayedChanges::default();
malicious_changes.set_storage(b"malicious_key".to_vec(), Some(b"malicious_value".to_vec()));
// Commit the malicious changes without proper validation.
storage.commit_changes(malicious_changes);
Tools Used
Manual Review
Recommended Mitigation Steps
Input Validation: Implement thorough input validation mechanisms to ensure that only valid and authorized changes are committed to the backend storage.
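One way the recommended validation could look, as an added example that is not part of the original report or of the Phala code base. It assumes a simplified in-memory model: the Changes type, the key-prefix allowlist and the value size limit are hypothetical stand-ins for the runtime's overlay and for whatever policy the project would choose.

```rust
use std::collections::BTreeMap;

// Simplified stand-ins (assumptions): the Pink runtime itself uses
// OverlayedChanges and a trie backend, not these types.
pub type Changes = Vec<(Vec<u8>, Option<Vec<u8>>)>;

#[derive(Debug, PartialEq)]
pub enum CommitError {
    KeyNotAllowed(Vec<u8>),
    ValueTooLarge(Vec<u8>),
}

pub struct Storage {
    backend: BTreeMap<Vec<u8>, Vec<u8>>,
    allowed_prefixes: Vec<Vec<u8>>, // hypothetical policy
    max_value_len: usize,           // hypothetical policy
}

impl Storage {
    pub fn new(allowed_prefixes: Vec<Vec<u8>>, max_value_len: usize) -> Self {
        Self { backend: BTreeMap::new(), allowed_prefixes, max_value_len }
    }

    // Check every change before writing, so a rejected batch leaves
    // the backend untouched (all-or-nothing commit).
    fn validate(&self, changes: &Changes) -> Result<(), CommitError> {
        for (key, value) in changes {
            if !self.allowed_prefixes.iter().any(|p| key.starts_with(p)) {
                return Err(CommitError::KeyNotAllowed(key.clone()));
            }
            if matches!(value, Some(v) if v.len() > self.max_value_len) {
                return Err(CommitError::ValueTooLarge(key.clone()));
            }
        }
        Ok(())
    }

    pub fn commit_changes(&mut self, changes: Changes) -> Result<(), CommitError> {
        self.validate(&changes)?;
        for (key, value) in changes {
            match value {
                Some(v) => { self.backend.insert(key, v); }
                None => { self.backend.remove(&key); } // None deletes the key
            }
        }
        Ok(())
    }
    pub fn get(&self, key: &[u8]) -> Option<&Vec<u8>> { self.backend.get(key) }
}
```

Validation runs over the whole batch before the first write, so a batch that mixes valid and invalid changes is rejected as a unit.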
Lines of code
https://github.com/code-423n4/2024-03-phala-network/blob/main/phala-blockchain/crates/pink/runtime/src/storage/mod.rs#L109-L112
Assessed type
Access Control