Closed sherlock-admin3 closed 4 months ago
1 comment(s) were left on this issue during the judging contest.
0xmystery commented:
Race condition possible
The protocol team fixed this issue in the following PRs/commits: https://github.com/allora-network/allora-chain/pull/494
0xsi
Medium
Concurrency Issues with Goroutines in
topics_handler.go
Summary
There is no proper synchronization mechanism in requestTopicWorkers and requestTopicReputers. This can lead to race conditions.
Vulnerability Detail
The requestTopicWorkers and requestTopicReputers functions use goroutines to perform concurrent operations without adequate synchronization or error handling. This can lead to race conditions, data corruption, and unpredictable behavior.
Impact
Concurrent operations without proper synchronization can cause race conditions, leading to inconsistent or incorrect data states. This can affect the integrity of the blockchain operations and lead to potential security vulnerabilities.
Code Snippet
https://github.com/sherlock-audit/2024-06-allora/blob/main/allora-chain/app/topics_handler.go#L74-L78 https://github.com/sherlock-audit/2024-06-allora/blob/main/allora-chain/app/topics_handler.go#L101-L103
Tool used
Manual Review
Recommendation
Implement proper synchronization mechanisms such as mutexes or channels to handle concurrency. Ensure that shared data is protected and errors from goroutines are properly captured and handled.
Duplicate of #87