Closed c4-bot-6 closed 4 months ago
razzorsec (sponsor) disputed
We consider this issue invalid,
since the precompile implementation in Geth fails on error or returns blobPrecompileReturnValue
on success which is a 64bytes array of FIELD_ELEMENTS_PER_BLOB
& BLS_MODULUS
. A similar pattern was observed in other nodes.
The Warden specifies that the EIP-4844 precompile invoked by the Executor::_pointEvaluationPrecompile
function is insecurely done so due to not validating the output's length or both of the outputs expected.
The EIP-4844 definition itself does not instruct on how to validate calls to the precompile, it simply denotes how the precompiles should behave. As such, how a call to the precompile is validated is up to integrators.
The only return
outlined in the precompile is the following:
# Return FIELD_ELEMENTS_PER_BLOB and BLS_MODULUS as padded 32 byte big endian values
return Bytes(U256(FIELD_ELEMENTS_PER_BLOB).to_be_bytes32() + U256(BLS_MODULUS).to_be_bytes32())
This represents a return of two constant
variables that are 64 bytes in length total. By parsing the BLS_MODULUS
argument as part of an ABI decode call as presently performed in the code (abi.decode(data, (uint256, uint256))
), we are implicitly validating that the length is at least 64
bytes.
Whether both the FIELD_ELEMENTS_PER_BLOB
and the BLS_MODULUS
variables should be validated can be argued, and in this circumstance, I do not believe any flaw or vulnerability can actively arise from validating only the latter of the two.
I appreciate the Warden's due diligence, but can only consider the exhibit as a QA recommendation at this point based on the EIP's description.
alex-ppg changed the severity to QA (Quality Assurance)
alex-ppg marked the issue as grade-c
Lines of code
https://github.com/code-423n4/2024-03-zksync/blob/4f0ba34f34a864c354c7e8c47643ed8f4a250e13/code/contracts/ethereum/contracts/state-transition/chain-deps/facets/Executor.sol#L605-L619
Vulnerability details
Impact
Function
Executor.sol#_pointEvaluationPrecompile()
does not work as expected due to missing constraint checking for the returned result.Proof of Concept
64 bytes
, which is the sum ofthe first 32 bytes
areBytes(U256(FIELD_ELEMENTS_PER_BLOB).to_be_bytes32()
andthe last 32 bytes
areU256(BLS_MODULUS).to_be_bytes32()
.Executor.sol#_pointEvaluationPrecompile()
: heredata
value is calculated there is no checking forthe length of data = 64
.BLS_MODULUS
instead of being checked withFIELD_ELEMENTS_PER_BLOB and BLS_MODULUS
.This can lead to unexpected precompilation results .
Tools Used
Manual review and https://eips.ethereum.org/EIPS/eip-4844#point-evaluation-precompile
Recommended Mitigation Steps
Consider change to :
uint32 FIELD_ELEMENTS_PER_BLOB = 4096
.Assessed type
Other