search

sherlock-audit / 2024-02-optimism-2024-judging

4 stars 3 forks source link

OMEN - IF there is reorg happen , creator of dispute game will lose funds even when it's valid root claim #136

Closed sherlock-admin4 closed 5 months ago

sherlock-admin4 commented 5 months ago

OMEN

medium

IF there is reorg happen , creator of dispute game will lose funds even when it's valid root claim

Summary

challenger will win the dispute game even though it was valid root claim

Vulnerability Detail

A chain reorganization, or “reorg,” happens when validators disagree on the most accurate version of the blockchain. Reorgs occurs when multiple blocks happen to be produced at the same time, if there is a bug, or due to a malicious attack. Reorgs eliminate the weaker duplicate blockchain. The longer a reorg lasts, the more expensive it becomes to handle.

Blockchain reorgs result in a block being removed from the blockchain since a longer chain has been created. This further results in different miners working on adding blocks of transactions with similar difficulty to the chain simultaneously.

This happens because the miner that adds to the next block has to make a decision on which side of the fork is the correct or canonical chain. Once the miners or validators have chosen the fork or canonical chain, the other chain will be lost.

A reorganization attack refers to nodes receiving blocks from a new chain while the old chain continues to exist. In this case, the chain would be split and create a fork, or a duplicate version of the blockchain.

When creating dispute game , there would be consisting of root claim which is hash of version ,stateRoot ,messagePasserStorageRoot and latestBlockhash . let's assume user create dispute game with valid root claim . However there is reorg happpened , stateRoot ,messagePasserStorageRoot and latestBlockhash are subject to change . So root claim hash will also be changing .So anyone come dispute and claim the funds of creator easily .

Impact

valid root claim disputer will lose funds if there is reorg occur

Code Snippet

https://github.com/sherlock-audit/2024-02-optimism-2024/blob/main/optimism/packages/contracts-bedrock/src/dispute/DisputeGameFactory.sol#L106-L107

Tool used

Manual Review

Recommendation

pls consider the fact about reorg at eth mainnet

nevillehuang commented 5 months ago

Invalid based on sherlock rules

  1. Chain re-org and network liveness related issues are not considered valid.
irving4444 commented 5 months ago

I accept the fact this report is invalid based on rule . However , this report is identical to #152 which has sponsor confirmed badge and in this report , there 's sponsor disputed badge . why is that?