diwakergupta / stacks-blockchain-tob-audit

GNU General Public License v3.0

`DBConn` panics are reachable #13

Open smoelius opened 4 years ago

smoelius commented 4 years ago

The following two panics appear to be reachable through normal use:

- https://github.com/trailofbits/x-audit-blockstack-core/blob/e2d3d5bae539d242851620e28129af6c4a9de642/src/vm/database/clarity_db.rs#L77
- https://github.com/trailofbits/x-audit-blockstack-core/blob/e2d3d5bae539d242851620e28129af6c4a9de642/src/vm/database/clarity_db.rs#L86

They can be reached by modifying `GET_INFO_CONTRACT` (used by `integration_test_get_info`) to feature the following:

        (define-map block-data 
          ((height uint))
          ((stacks-hash (buff 32)) 
           (id-hash (buff 32))
           (btc-hash (buff 32))
           (vrf-seed (buff 32))
           (time uint)
           (miner-address principal)
          )
        )
        (define-private (inner-update-info (height uint))
            (let ((value (tuple 
              (stacks-hash (unwrap-panic (get-block-info? header-hash height)))
              (id-hash (unwrap-panic (get-block-info? id-header-hash height)))
              (btc-hash (unwrap-panic (get-block-info? burnchain-header-hash height)))
              (vrf-seed (unwrap-panic (get-block-info? vrf-seed height)))
              (time (unwrap-panic (get-block-info? time height)))
              (miner-address (unwrap-panic (get-block-info? miner-address height)))
             )))
             (ok (map-set block-data ((height height)) value))))

kantai commented 4 years ago

Yep -- these were stubbed panics, waiting for a PR to implement those lookups. This was resolved in https://github.com/blockstack/blockstack-core/pull/1249
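
An added example, not code from this thread or from the audited project: the failure mode discussed above, where a placeholder lookup that panics is reachable from a contract-driven call, next to a stub that returns a typed error so only the transaction fails. All names (`HeaderLookups`, `PanickingStub`, `ErrorStub`, `run_contract_call`, `host_panics`) are hypothetical.

```rust
use std::panic::{self, AssertUnwindSafe};

// Hypothetical stand-ins: none of these names come from the audited code base.
#[derive(Debug, PartialEq)]
pub enum LookupError { NotImplemented(&'static str) }
pub type Lookup<T> = Result<Option<T>, LookupError>;

pub trait HeaderLookups {
    fn header_hash(&self, height: u32) -> Lookup<[u8; 32]>;
    fn block_time(&self, height: u32) -> Lookup<u64>;
}

/// "Before": placeholder lookups that panic until the real ones are written.
pub struct PanickingStub;
impl HeaderLookups for PanickingStub {
    fn header_hash(&self, _: u32) -> Lookup<[u8; 32]> { panic!("header lookup not implemented") }
    fn block_time(&self, _: u32) -> Lookup<u64> { panic!("time lookup not implemented") }
}

/// "After": the same gap surfaced as a typed error the caller can handle.
pub struct ErrorStub;
impl HeaderLookups for ErrorStub {
    fn header_hash(&self, _: u32) -> Lookup<[u8; 32]> { Err(LookupError::NotImplemented("header-hash")) }
    fn block_time(&self, _: u32) -> Lookup<u64> { Err(LookupError::NotImplemented("time")) }
}

#[derive(Debug, PartialEq)]
pub enum TxOutcome { Committed, Aborted(String) }

/// Models a contract call that unwraps two block-info lookups for `height`.
pub fn run_contract_call<D: HeaderLookups>(db: &D, height: u32) -> TxOutcome {
    let both = db.header_hash(height).and_then(|h| Ok((h, db.block_time(height)?)));
    match both {
        Ok((Some(_), Some(_))) => TxOutcome::Committed,
        Ok(_) => TxOutcome::Aborted("unwrap of none".to_string()),
        Err(e) => TxOutcome::Aborted(format!("{:?}", e)),
    }
}

/// True when a contract call unwinds the host instead of failing the transaction.
pub fn host_panics<D: HeaderLookups>(db: &D, height: u32) -> bool {
    panic::catch_unwind(AssertUnwindSafe(|| run_contract_call(db, height))).is_err()
}

fn main() {
    println!("panicking stub unwinds host: {}", host_panics(&PanickingStub, 1));
    println!("error stub outcome: {:?}", run_contract_call(&ErrorStub, 1));
}
```

A check like `host_panics` can run in CI against every stubbed backend so that a placeholder `panic!` on a user-reachable path is caught before release.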