Description:Description\
The MockTEERollup contract contains a public function setMinWitness that allows any user to set the minimum number of witness signatures required for validating computation proofs. This function directly calls the internal _setMinWitnessSignatures function from the TEERollup contract, which updates the minWitnessSignatures state variable.
Attack Scenario\
Denial of Service (DoS) Attack:
An attacker calls the setMinWitness function with a high value (e.g., 255).
The contract now requires 255 witness signatures for any computation proof to be validated.
Since it is impractical to gather 255 witness signatures, no computation proof can be validated, effectively halting the contract's functionality.
Lowering Security Threshold:
An attacker calls the setMinWitness function with a low value (e.g., 1).
The contract now requires only 1 witness signature for any computation proof to be validated.
The attacker can easily provide a single fraudulent witness signature, compromising the integrity of the computation proof validation process.
Attachments
Proof of Concept (PoC) File
function setMinWitness(uint8 v) public {
_setMinWitnessSignatures(v);
}
Impact
Allowing any user to set the minWitnessSignatures variable can lead to several security vulnerabilities:
Denial of Service (DoS) Attack:
An attacker can set minWitnessSignatures to an unreasonably high value, making it practically impossible to gather the required number of witness signatures. This would prevent any computation proof from being validated, effectively halting the contract's functionality.
Lowering Security Threshold:
An attacker can set minWitnessSignatures to a very low value (e.g., 1 or 0), significantly reducing the security of the computation proof validation process. This makes it easier for malicious actors to submit fraudulent proofs with minimal or no witness signatures.
Manipulation of Contract Behavior:
By frequently changing the minWitnessSignatures value, an attacker can create inconsistencies and unpredictability in the contract's behavior, potentially leading to unexpected outcomes and vulnerabilities in dependent systems.
Revised Code File (Optional)
To mitigate this issue, restrict access to the setMinWitness function by implementing an access control mechanism.
rotcivegaf
commented
3 months ago
Github username: -- Twitter username: -- Submission hash (on-chain): 0xdc3c95944f9deba03873c8b923de8543e97fbce89f3161fedd1221d96f6b8068 Severity: medium
Description: Description\ The MockTEERollup contract contains a public function setMinWitness that allows any user to set the minimum number of witness signatures required for validating computation proofs. This function directly calls the internal _setMinWitnessSignatures function from the TEERollup contract, which updates the minWitnessSignatures state variable. Attack Scenario\
Attachments
Proof of Concept (PoC) File
Impact Allowing any user to set the minWitnessSignatures variable can lead to several security vulnerabilities:
Denial of Service (DoS) Attack: An attacker can set minWitnessSignatures to an unreasonably high value, making it practically impossible to gather the required number of witness signatures. This would prevent any computation proof from being validated, effectively halting the contract's functionality.
Lowering Security Threshold: An attacker can set minWitnessSignatures to a very low value (e.g., 1 or 0), significantly reducing the security of the computation proof validation process. This makes it easier for malicious actors to submit fraudulent proofs with minimal or no witness signatures.
Manipulation of Contract Behavior: By frequently changing the minWitnessSignatures value, an attacker can create inconsistencies and unpredictability in the contract's behavior, potentially leading to unexpected outcomes and vulnerabilities in dependent systems.
Revised Code File (Optional)
To mitigate this issue, restrict access to the setMinWitness function by implementing an access control mechanism.