You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We also added a new change on top of the previous fix and noticed more stability - https://github.com/AleoHQ/snarkOS/pull/3105. It should also fix the issue where the validator node would be stuck on an old proposal - "Proposed batch for round X is still valid.
Closing the issue now, but please feel free to reopen if you notice the fixes did not fully resolve the problem.
https://hackerone.com/reports/2287110
Summary
BFT fails to increment the storage round when syncing and gets stuck at the old round
Steps To Reproduce:
Run the
./devnet.sh
Klill the node-3 when BFT advance to
round=10
, wait serveral seconds and restart the nodeCheck the logs in validator-3.log
Proof-of-Concept (PoC)
sync_with_certificate_from_peer
, it will probably produce a block whensend_primary_certificate_to_bft
2.
ledger.current_committee
will be updated whenadvance_to_next_block
increment_to_next_round
because the check, see: https://github.com/AleoHQ/snarkOS/blob/testnet3/node/bft/src/helpers/storage.rs#L166Supporting Material/References:
Logs: https://github.com/ghostant-1017/logs/blob/master/logs-20231215175639.tar.gz
Impact
The vulnerability will cause the node be stuck.
The text was updated successfully, but these errors were encountered: