Closed howlbot-integration[bot] closed 4 months ago
Invalid, expected behavior. There are no advantage to do this as the honest validator can create a challenge and immediately win due to time already accumulated in the assertion.
This would lead to a direct loss of funds for the attacker?
Picodes marked the issue as unsatisfactory: Insufficient proof
Lines of code
https://github.com/OffchainLabs/bold/blob/0420b9ddb88f71f5e86ca1b3bc256c09346b8315/contracts/src/rollup/RollupUserLogic.sol#L115
Vulnerability details
Impact
Confirmation of honest assertion can be DOSed after delay period when a malicious validator front-runs
confirmAsseertion()
to post a malicious assertion.By design, a honest validator should be able confirm assertion and withdraw bonds if there is no rival sibling after delay(1 week) period.
However, the check for rival sibling is incomplete and allows posting rival after delay period has passed.
The implication of this is that honest validator will have to get funds to create a challenge edge(which can be confirmed with time).
Due to the large amount of bond required to create assertion, honest validator might have created an assertion pool to raise funds to create assertion, with this development, honest participant is required to get funds to create an edge so that assertion will be confirmed.
Proof of Concept
The check for rivalry sibling does not include time.
Paste
testSuccessConfirmUnchallengedAssertions()
inRollup.t.sol
Test revert with error
Tools Used
Manual review and foundry.
Recommended Mitigation Steps
Assessed type
DoS