TPI-1 Invalid sequence_number Check for Mempool in aptos-core
Auditor: Movebit
Code: Aptos Core
Severity: Informational
Discovery Methods: Manual Review
Status: Pending
Code Location:
protocol-units/execution/opt-executor/src/executor/transaction_pipe.rs#61-67
Descriptions:
Transactions are added to core_mempool after they have been pre-executed:
When a transaction is added, the check is made against the sequence_number of the transaction being added:
Since the db_sequence_number passed in is transaction.sequence_number, this check does
not work, but it is not harmful because of the pre-execution check that was performed
earlier.
Suggestion:
Change the incoming parameter to the real db_sequence_number.
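The finding reduced to a small model, as an added example that is not aptos-core or audited project code: `Mempool`, `add_txn`, `submit_flawed`, `submit_fixed` and the account data are hypothetical stand-ins, and the pre-execution step the finding mentions is deliberately left out so that only the mempool check is exercised.

```rust
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
enum Status { Accepted, InvalidSeqNumber }

struct Txn { sender: &'static str, sequence_number: u64 }

// Simplified stand-in for the mempool's insertion check (hypothetical model).
struct Mempool { pending: Vec<(&'static str, u64)> }

impl Mempool {
    fn add_txn(&mut self, txn: &Txn, db_sequence_number: u64) -> Status {
        // Reject anything older than the account's committed sequence number.
        if txn.sequence_number < db_sequence_number {
            return Status::InvalidSeqNumber;
        }
        self.pending.push((txn.sender, txn.sequence_number));
        Status::Accepted
    }
}

// Pattern from the finding: the transaction's own value is passed in, so the
// comparison becomes `x < x` and can never reject.
fn submit_flawed(pool: &mut Mempool, txn: &Txn) -> Status {
    pool.add_txn(txn, txn.sequence_number)
}

// Suggested fix: pass the sequence number read from committed state.
fn submit_fixed(pool: &mut Mempool, db: &HashMap<&'static str, u64>, txn: &Txn) -> Status {
    let committed = db.get(txn.sender).copied().unwrap_or(0);
    pool.add_txn(txn, committed)
}

// Constructed scenario: "alice" has committed sequence number 5; a stale
// transaction (3) and a current one (5) go through the two paths.
fn demo() -> (Status, Status, Status) {
    let db = HashMap::from([("alice", 5u64)]);
    let stale = Txn { sender: "alice", sequence_number: 3 };
    let current = Txn { sender: "alice", sequence_number: 5 };
    let mut pool = Mempool { pending: Vec::new() };
    (
        submit_flawed(&mut pool, &stale),
        submit_fixed(&mut pool, &db, &stale),
        submit_fixed(&mut pool, &db, &current),
    )
}

fn main() {
    println!("{:?}", demo());
}
```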