Closed roleengineer closed 3 years ago
Found a vulnerability in the core contracts. Steps to reproduce the vulnerability:
newDispute function with the node that is calculated from the following states:
firstDivergentStateHash becomes the initialStateHash (the path is 0), so there is no previous state that the defendant can reveal.
timeout function and wins any dispute and falsifies any claim.

Two approaches to solve:
1. Make it impossible to open disputes with a random initialStateHash: request a new parameter for newDispute - leftProof and make the same calculations and requirements as implemented in the 'reveal' function (for the defendant).
Pros: no need for defendants to spend time and tx fees on useless challenge games, as it is explicit that falsifiers can't win the dispute (a wrong initial state always gives a wrong result).
Cons: the tx cost of the newDispute call will grow for every falsifier.
2. Allow falsifiers to run such disputes and add another condition for defendants to win the dispute: when the Bottom is reached and the path is 0.
Pros: the newDispute tx is stable in a cost sense.
Cons: allows spamming the network and spending ETH on useless txs. Also, client implementations should be done with the thought that the game should always be profitable for a winner.
The second approach was chosen to solve the vulnerability.
Bounty
Upgrade core contracts to the new solidity version. Find and fix bugs.
Scope
Deliverables
Funding Circle
General
Bounty Owner/Gardener
@roleengineer as EMO developer
Gain for the Role
Roadmap progress
Roles
bounty gardener: @roleengineer / 0 DAI
bounty worker: @roleengineer / 80%
bounty reviewer: @unknown / 20%
Gardener checklist
size-S
labels to this bounty
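
The dispute flow from the vulnerability report above, as an added Python model that is not the project's contract code: it bisects two execution traces down to the Bottom and shows how the outcome at path 0 changes once the chosen (second) approach is applied. Assumptions: the hash-chain trace is constructed, and `trace`, `root`, `bisect_to_bottom`, `resolve_at_bottom` and the `path_zero_rule` flag are hypothetical names.

```python
import hashlib

def h(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def trace(initial: bytes, steps: int) -> list:
    """Constructed toy execution: each state hash is the hash of the previous one."""
    states = [h(initial)]
    for _ in range(steps - 1):
        states.append(h(states[-1]))
    return states

def root(leaves: list) -> bytes:
    """Merkle root over a power-of-two list of state hashes."""
    while len(leaves) > 1:
        leaves = [h(leaves[i] + leaves[i + 1]) for i in range(0, len(leaves), 2)]
    return leaves[0]

def bisect_to_bottom(defendant: list, falsifier: list) -> int:
    """Challenge game: descend into the left half when its roots differ,
    otherwise into the right half. Returns the path (leaf index) of the
    first divergent state hash."""
    lo, hi = 0, len(defendant)
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if root(defendant[lo:mid]) != root(falsifier[lo:mid]):
            hi = mid
        else:
            lo = mid
    return lo

def resolve_at_bottom(defendant: list, falsifier: list, path_zero_rule: bool) -> str:
    """Decide the dispute once the Bottom is reached (hypothetical model)."""
    path = bisect_to_bottom(defendant, falsifier)
    if path == 0:
        # The divergence is the initial state itself, so there is no previous
        # state to reveal. With the added rule the defendant wins here;
        # without it the dispute ends in the falsifier's favour on timeout.
        return "defendant" if path_zero_rule else "falsifier (timeout)"
    # path > 0: the defendant reveals the previous state, which both sides
    # agree on, and the disputed step is re-executed from it.
    prev = defendant[path - 1]
    return "defendant" if h(prev) == defendant[path] else "falsifier"
```

A dispute that diverges at a later step is unaffected by the rule: the agreed previous state still decides it.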