Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No security checks in VRF might lead to compromised results #445

Closed
code423n4 opened this issue Mar 9, 2023 · 8 comments
Closed

No security checks in VRF might lead to compromised results #445

code423n4 opened this issue Mar 9, 2023 · 8 comments
Labels
bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-c primary issue Highest quality submission among a set of duplicates QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue unsatisfactory does not satisfy C4 submission criteria; not eligible for awards

Comments

@code423n4
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2023-03-wenwin/blob/91b89482aaedf8b8feb73c771d11c257eed997e8/src/VRFv2RNSource.sol#L32-L38
https://github.com/code-423n4/2023-03-wenwin/blob/91b89482aaedf8b8feb73c771d11c257eed997e8/src/RNSourceBase.sol#L17-L30

Vulnerability details

Impact

External actors such as Blockchain miners/validators could influence the randomness results.

Proof of Concept

This is part of the chainlink docs --> https://docs.chain.link/vrf/v2/security as they own against such an attack.

  1. Inside the code, the requestRandomNumber()[https://github.com/code-423n4/2023-03-wenwin/blob/91b89482aaedf8b8feb73c771d11c257eed997e8/src/RNSourceBase.sol#L17-L30] function could be called as many times as possible which is against chainkLink security practices as for example, the requests A,B,C will not necessary come in the order the have been called, the contract must validate them based on their request id.

  2. Also in contradictory with chainLink security standards, there is no safe block confirmation time --> https://docs.chain.link/vrf/v2/security#choose-a-safe-block-confirmation-time-which-will-vary-between-blockchains , as this could allow to miners/validators of the underlying blockchain to perform an attack where they would rewrite the chain’s history as they please to facilitate their winnings

Tools Used

Manual review, Chainlink docs

Recommended Mitigation Steps

Possible mitigation steps:

  1. Enforce a minimum cooldown 24 hours for a failed response as per chainlink docs
  2. Add a block confirmations time check
  3. Validate based on request id's all request in the order they have been called
@code423n4 code423n4 added 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working labels Mar 9, 2023
code423n4 added a commit that referenced this issue Mar 9, 2023
@code423n4
StefanAndrei issue #445
fe90c64
@c4-judge c4-judge added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value downgraded by judge Judge downgraded the risk level of this issue and removed 3 (High Risk) Assets can be stolen/lost/compromised directly labels Mar 10, 2023
@c4-judge
Copy link
Contributor

thereksfour changed the severity to 2 (Med Risk)

@c4-judge
Copy link
Contributor

thereksfour marked the issue as primary issue

@c4-judge c4-judge added the primary issue Highest quality submission among a set of duplicates label Mar 10, 2023
@thereksfour
Copy link

Implementation does not meet chainlink documentation requirements

This was referenced Mar 10, 2023
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
This was referenced Mar 12, 2023
Closed
Closed
@TutaRicky
Copy link

  1. requestRandomNumber can be called multiple times - no, it can't. randomness is requested by the lottery contract here - https://github.com/code-423n4/2023-03-wenwin/blob/91b89482aaedf8b8feb73c771d11c257eed997e8/src/Lottery.sol#L133, and it uses the whenNotExecutingDraw modifier which checks that randomness was not already requested.
    Other randomness requests can only be done via the retry function or swapSource function which also enforce that they can only be called in the right terms.
  2. in contradictory with chainLink security standards, there is no safe block confirmation time - no. We have the requestConfirmations immutable param which is set on contract deployment

@c4-sponsor c4-sponsor added the sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue label Mar 14, 2023
@c4-sponsor
Copy link

TutaRicky marked the issue as sponsor disputed

@c4-judge c4-judge added the unsatisfactory does not satisfy C4 submission criteria; not eligible for awards label Mar 14, 2023
@c4-judge
Copy link
Contributor

thereksfour marked the issue as unsatisfactory:
Invalid

@c4-judge c4-judge added QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax and removed 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value labels Mar 21, 2023
@c4-judge
Copy link
Contributor

thereksfour changed the severity to QA (Quality Assurance)

@c4-judge
Copy link
Contributor

thereksfour marked the issue as grade-c

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-c primary issue Highest quality submission among a set of duplicates QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue unsatisfactory does not satisfy C4 submission criteria; not eligible for awards
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@thereksfour @code423n4 @c4-judge @c4-sponsor @TutaRicky