search

sherlock-audit / 2024-02-optimism-2024-judging

5 stars 4 forks source link

bigbick123456789000 - `blacklistDisputeGame` function will blacklist correctly resolved dispute games #56

Closed sherlock-admin2 closed 5 months ago

sherlock-admin2 commented 6 months ago

bigbick123456789000

medium

blacklistDisputeGame function will blacklist correctly resolved dispute games

Summary

The vulnerability in the OptimismPortal2 contract stems from the lack of verification in the blacklistDisputeGame function, allowing any dispute game to be blacklisted without ensuring that it has resolved incorrectly. This oversight can lead to potential disruptions in system operation and undermine the integrity and functionality of the optimistic rollup system.

Vulnerability Detail

The vulnerability lies in the blacklistDisputeGame function of the OptimismPortal2 contract. This function allows any dispute game to be blacklisted without verifying whether the dispute game has actually resolved incorrectly. The lack of verification means that correctly resolved dispute games can also be blacklisted, leading to potential denial of service or other unintended consequences.

 /// @notice Blacklists a dispute game. Should only be used in the event that a dispute game resolves incorrectly.
    /// @param _disputeGame Dispute game to blacklist.
    function blacklistDisputeGame(IDisputeGame _disputeGame) external {
        require(msg.sender == guardian(), "OptimismPortal: only the guardian can blacklist dispute games");
        disputeGameBlacklist[_disputeGame] = true;
    }

The function blacklistDisputeGame does not check whether the dispute game being blacklisted has resolved incorrectly. It only checks whether the sender is the guardian, who has the authority to perform this action. Without verification of resolution correctness, the function can be misused to blacklist dispute games arbitrarily, regardless of their resolution status. This means that dispute games that have resolved correctly can also be blacklisted, which may lead to unintended consequences such as blocking legitimate transactions or impairing the functionality of the system. The vulnerability contradicts the documentation's guidance that the function should only be used in the event that a dispute game resolves incorrectly. By allowing any dispute game to be blacklisted without verification, the contract deviates from the intended usage specified in the documentation.

Impact

Arbitrarily blacklisting dispute games, including those that have resolved correctly, can disrupt the operation of the system. Legitimate transactions may be blocked, leading to a denial of service for users. Also, Blacklisting correctly resolved dispute games may impair the functionality of the system by preventing valid transactions from being processed or by interfering with the resolution of future disputes.

Code Snippet

OptimismPortal2.sol#L440-L443

Tool used

Manual Review

Recommendation

Modify the blacklistDisputeGame function to verify the resolution status of the dispute game before allowing it to be blacklisted. This can be achieved by checking whether the dispute game has resolved incorrectly based on its status or other relevant parameters.

nevillehuang commented 5 months ago

Invalid, guardian role are trusted to execute this specific action correctly