sherlock-audit / 2023-11-covalent-judging


cergyk - BlockSpecimenProofChain::_finalizeWithParticipants Finalization can be bricked if number of validators is greater than 256 #81

Closed sherlock-admin2 closed 6 months ago

sherlock-admin2 commented 7 months ago

cergyk

medium

BlockSpecimenProofChain::_finalizeWithParticipants Finalization can be bricked if number of validators is greater than 256

Summary

Finalization can be bricked if there exist more than 256 validators in the system.

Vulnerability Detail

If there exists a validator with id > 255, and the producer submits a block specimen for the session, we can see that this line reverts with an underflow: https://github.com/sherlock-audit/2023-11-covalent/blob/main/cqt-staking/contracts/BlockSpecimenProofChain.sol#L452

This means that the finalization for that block will be bricked indefinitely, and since it reverts during this function, it is not even possible to mark it as to audit and recover.

Please note that it is not possible currently to remove validators, only to disable them. So the condition is not to have more than 256 validators at a given time, but that since inception more than 256 validators have been created. This makes the bug more likely.

Impact

The block specimen finalization can be bricked indefinitely.

Code Snippet

Tool used

Manual Review

Recommendation

Please consider reusing validator IDs to keep this bitmask (and only if the number of validators which can simultaneously exist is guaranteed to be less than 256).
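The failure mode and the recommended mitigation, modelled in Python as an added example (this is not the Covalent contract code): a 256-bit participant bitmask indexed by validator id has no bit for ids above 255, and because ids are only ever allocated upwards, the lifetime number of validators is what matters. The `ReusingRegistry` class is a hypothetical design that recycles released ids and caps concurrent validators at the mask width; the exact arithmetic at the cited contract line is assumed, not reproduced.

```python
# Added example, not the Covalent contract: a model of why a 256-bit
# participant bitmask keyed by validator id breaks once ids pass 255, and
# a registry that recycles ids so the bound is on concurrent validators.
MASK_BITS = 256  # width of a Solidity uint256 bitmask

def participant_bitmask(validator_ids):
    """Fold participant ids into a uint256-style bitmask; raise when an id
    has no bit (models the revert; the exact arithmetic is assumed)."""
    mask = 0
    for vid in validator_ids:
        if not 0 <= vid < MASK_BITS:
            raise ValueError(f"validator id {vid} exceeds {MASK_BITS}-bit mask")
        mask |= 1 << vid
    return mask

class MonotonicRegistry:
    """Ids only ever grow; disabling never frees one (reported behaviour)."""
    def __init__(self):
        self.next_id = 0
        self.enabled = set()

    def add(self):
        vid, self.next_id = self.next_id, self.next_id + 1
        self.enabled.add(vid)
        return vid

    def disable(self, vid):
        self.enabled.discard(vid)

class ReusingRegistry:
    """Hypothetical mitigation: recycle ids of disabled validators and cap
    how many can exist at once at the mask width."""
    def __init__(self, cap=MASK_BITS):
        self.cap, self.free, self.enabled, self.next_id = cap, [], set(), 0

    def add(self):
        if self.free:
            vid = self.free.pop()  # reuse a released id first
        elif self.next_id < self.cap:
            vid, self.next_id = self.next_id, self.next_id + 1
        else:
            raise RuntimeError("validator cap reached")
        self.enabled.add(vid)
        return vid

    def disable(self, vid):
        self.enabled.remove(vid)
        self.free.append(vid)
```

With the monotonic registry, churning through 300 validators while keeping only 10 enabled still leaves an enabled id of 299, and building the mask for that session fails; the reusing registry keeps every id below 256 under the same churn.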

sherlock-admin2 commented 7 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

Invalid. The length of the validatorIDs is controlled by a governance which is considered trusted according to Sherlock rules VIII number 4 under "exceptions".

nevillehuang commented 7 months ago

@rogarcia @CergyK To my knowledge, there will only be an estimated 10 validators at any instance based on this comment. Also adding new validators can only be done via governance where governor is trusted. So I believe this is invalid/low severity

nevillehuang commented 6 months ago

Confirmed with sponsor that 256 distinct validators is a valid upper limit for validators, and in the worst case scenario the system would continue to operate with 256 validators with no issue.