Description:Description\
The VaultBitcoinWallet contract does not set the satoshiPerByte fee during deployment, which can be leveraged by users to bypass fees before the setFee function is called. This vulnerability arises because the setFee function is not invoked in the constructor, leaving the satoshiPerByte fee uninitialized until explicitly set after deployment.
Attack Scenario\
A user could exploit this vulnerability by performing transactions that bypass the fee mechanism before the setFee function is called. This could result in financial losses of protocol
Attachments
Proof of Concept (PoC) File
The constructor of the VaultBitcoinWallet contract does not include a mechanism to set the satoshiPerByte fee:
2. **Revised Code File (Optional)**
<!-- If possible, please provide a second file containing the revised code that offers a potential fix for the vulnerability. This file should include the following information:
- Comment with a clear explanation of the proposed fix.
- The revised code with your suggested changes.
- Any additional comments or explanations that clarify how the fix addresses the vulnerability. -->
- To mitigate this issue, the constructor should be modified to include a parameter for the initial fee and set it during deployment. This ensures that the fee is set immediately upon contract creation.
Github username: -- Twitter username: -- Submission hash (on-chain): 0xa99bd68bb8f9994f1925459648a4e5caf208d243cd83ce7dacdbe72209d76551 Severity: medium
Description: Description\ The
VaultBitcoinWallet
contractdoes not set
thesatoshiPerByte
fee during deployment, which can be leveraged by users to bypass fees before thesetFee
function is called. This vulnerability arises because thesetFee
function isnot invoked
in theconstructor
, leaving thesatoshiPerByte
fee uninitialized untilexplicitly set
after deployment.Attack Scenario\ A user could exploit this vulnerability by performing transactions that bypass the fee mechanism before the setFee function is called. This could result in financial losses of protocol
Attachments
Proof of Concept (PoC) File
The constructor of the VaultBitcoinWallet contract does not include a mechanism to set the satoshiPerByte fee:
constructor( address _prover, bytes memory _offchainSigner, BitcoinUtils.WorkingScriptSet memory _loadScripts, address _queue, TxSerializerFactory _serializerFactory, RefuelTxSerializerFactory _refuelSerializerFactory, uint256 _initialFee // Add this parameter ) BitcoinAbstractWallet(_prover) RotatingKeys(keccak256(abi.encodePacked(block.number)), type(VaultBitcoinWallet).name) { btcToken = new PeggedBTC(); queue = OutgoingQueue(_queue);
}