sherlock-audit / 2024-08-tokamak-network-judging


SyncCode2017 - No validation of resolveData allowing an attacker to resolve challenges with invalid data and earn locked funds. #64

Open sherlock-admin3 opened 3 weeks ago

sherlock-admin3 commented 3 weeks ago

SyncCode2017

High

No validation of resolveData allowing an attacker to resolve challenges with invalid data and earn locked funds.

Summary

No validation of the user-defined input data (resolveData) is done in the 'DataAvailabilityChallenge::resolve' function, as shown below.

https://github.com/sherlock-audit/2024-08-tokamak-network/blob/main/tokamak-thanos/packages/contracts-bedrock/src/L1/DataAvailabilityChallenge.sol#L335C4-L371C6

Whatever the resolveData is, its byte length is used to calculate the resolution cost, which also determines the reward of the resolver. This function can easily be exploited by any user to consistently resolve challenges with long, invalid byte data and earn rewards.

Root Cause

No validation of the user-defined input data (resolveData) is done in the 'DataAvailabilityChallenge::resolve' function.

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

Call the 'DataAvailabilityChallenge::resolve' function with any input for the bytes calldata resolveData parameter.

Impact

All challenges will be resolved with long invalid data by any user, so all the locked bond will be sent to the user (resolver).

PoC

No response

Mitigation

Validate the content of the user input resolveData in the 'DataAvailabilityChallenge::resolve' function.
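
One way to implement the validation that the Mitigation section asks for, shown as an added example that is not part of the original submission and is not the audited contract's code. It assumes the challenged commitment is the keccak256 hash of the data; the contract name, the flat per-byte cost and the handling of the bond remainder are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Added illustration only. Every name below is hypothetical, and the flat
// per-byte cost is an assumed stand-in for the real resolution cost formula.
contract ResolveValidationSketch {
    struct Challenge {
        address challenger;
        uint256 lockedBond;
        bool resolved;
    }

    uint256 public constant COST_PER_BYTE = 1 gwei;  // assumed value
    mapping(bytes32 => Challenge) public challenges; // keyed by data commitment
    mapping(address => uint256) public balances;     // withdrawable credit

    error NoActiveChallenge();
    error InvalidResolveData(bytes32 expected, bytes32 actual);

    // Lock a bond against a commitment (assumed to be keccak256 of the data).
    function challenge(bytes32 commitment) external payable {
        require(challenges[commitment].challenger == address(0), "exists");
        require(msg.value > 0, "no bond");
        challenges[commitment] = Challenge(msg.sender, msg.value, false);
    }

    function resolve(bytes32 commitment, bytes calldata resolveData) external {
        Challenge storage c = challenges[commitment];
        if (c.challenger == address(0) || c.resolved) revert NoActiveChallenge();

        // Content check: the submitted bytes must hash to the challenged
        // commitment BEFORE any length-based payout is computed. Without it,
        // arbitrary long data would set the reward.
        bytes32 actual = keccak256(resolveData);
        if (actual != commitment) revert InvalidResolveData(commitment, actual);

        c.resolved = true;
        uint256 bond = c.lockedBond;
        c.lockedBond = 0;

        // Length only matters once the content is known to be the real data.
        uint256 cost = resolveData.length * COST_PER_BYTE;
        uint256 reward = cost < bond ? cost : bond;
        balances[msg.sender] += reward;          // resolver's refund
        balances[c.challenger] += bond - reward; // remainder handling is assumed
    }
}
```

With the hash comparison in place, the length of resolveData is fixed by the committed data, so a resolver cannot inflate the reward by padding the input.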