-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EVM RPC errors may lead to missed inbound transactions #397
Comments
DadeKuma marked the issue as duplicate of #485 |
DadeKuma marked the issue as sufficient quality report |
DadeKuma marked the issue as duplicate of #416 |
0xean changed the severity to 3 (High Risk) |
0xean marked the issue as satisfactory |
While it seems that this submission is a dupe of #416, it is actually different in the sense that #416 is about an error (maliciously/purposefully) caused by However, here in this submission, the issue is rather that the underlying EVM RPC calls (in According to Verdict: Similar exploits under a single issue from the C4 Supreme Court Session, fixing the outlined root causes in #416 and its dupe #485 (replacing For the above-mentioned reasons, I would like to request a second look at this submission. Thanks a lot! |
@berndartmueller - thanks for the comment and referencing the C4 docs. While I understand your argument, I disagree. The issue isn't a single line of code, in a broader context the issue is the function isn't handling errors correctly and the early return needs to be corrected to handle all possible states.
I would argue that a "reasonable" fix to this function would resolve both of these issues. |
Lines of code
https://github.com/code-423n4/2023-11-zetachain/blob/b237708ed5e86f12c4bddabddfd42f001e81941a/repos/node/zetaclient/evm_client.go#L846
https://github.com/code-423n4/2023-11-zetachain/blob/b237708ed5e86f12c4bddabddfd42f001e81941a/repos/node/zetaclient/evm_client.go#L883
Vulnerability details
Impact
Inbound transactions may be missed and are not voted upon by observers, potentially leading to a loss of funds.
Proof of Concept
ZetaChain observers watch external EVM chains via the
ExternalChainWatcher
function that internally calls theobserveInTX
function on eachob.GetCoreParams().InTxTicker
ticker.The
observeInTX
function performs multiple tasks:ZetaSent
) logsThe queried blocks are bound by the range of
startBlock
andtoBlock
, which are set in lines809-810
. ThestartBlock
is the previously processedtoBlock
(i.e., retrieved viaob.GetLastBlockHeightScanned()
), incremented by 1.At the end of the function, in line
988
, thetoBlock
is set as the newlastBlockHeightScanned
.However, in lines
846
and883
, an earlyreturn
statement would skip the current tasks and would still proceed to store thetoBlock
as the newlastBlockHeightScanned
, even though the blocks (and their logs) have not been fully processed.This can be the case if the used RPC has temporary issues and the
FilterZetaSent
orFilterDeposited
functions return an error.Tools Used
Manual review
Recommended mitigation steps
Consider only updating the
lastBlockHeightScanned
if all tasks have been completed successfully to ensure all logs have been processed successfully and observers vote on all inbound transactions.Assessed type
Error
The text was updated successfully, but these errors were encountered: