sherlock-audit / 2024-06-allora-judging

0 stars 0 forks source link

0xsi - Concurrency Issues with Goroutines in `topics_handler.go` #8

Closed sherlock-admin3 closed 4 months ago

sherlock-admin3 commented 4 months ago

0xsi

Medium

Concurrency Issues with Goroutines in topics_handler.go

Summary

There is no proper synchronization mechanism in requestTopicWorkers and requestTopicReputers. This can lead to race conditions.

Vulnerability Detail

The requestTopicWorkers and requestTopicReputers functions use goroutines to perform concurrent operations without adequate synchronization or error handling. This can lead to race conditions, data corruption, and unpredictable behavior.

Impact

Concurrent operations without proper synchronization can cause race conditions, leading to inconsistent or incorrect data states. This can affect the integrity of the blockchain operations and lead to potential security vulnerabilities.

Code Snippet

https://github.com/sherlock-audit/2024-06-allora/blob/main/allora-chain/app/topics_handler.go#L74-L78 https://github.com/sherlock-audit/2024-06-allora/blob/main/allora-chain/app/topics_handler.go#L101-L103

Tool used

Manual Review

Recommendation

Implement proper synchronization mechanisms such as mutexes or channels to handle concurrency. Ensure that shared data is protected and errors from goroutines are properly captured and handled.

Duplicate of #87

sherlock-admin4 commented 4 months ago

1 comment(s) were left on this issue during the judging contest.

0xmystery commented:

Race condition possible

sherlock-admin2 commented 3 months ago

The protocol team fixed this issue in the following PRs/commits: https://github.com/allora-network/allora-chain/pull/494