-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Trust - Loss of bond amounts on re-org attacks #201
Comments
This is the intended behavior of the contract so we have confirmed the factuality of the report and marked as "won't fix". Challenger software can handle this case offchain. |
I believe this is out of scope, given there is no network admins in mainnet and thus doesn't satisfy the the requirements for the exception
|
Escalate The finding is in-scope as Medium severity for the following reasons:
|
You've created a valid escalation! To remove the escalation from consideration: Delete your comment. You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final. |
Based on sherlock rules, I believe this is still invalid based on comments here. |
The following rule applies
Planning to reject escalation and keep issue state as is |
@nevillehuang |
Hi @Evert0x although I believe this issue could still be possibly out of scope due to it being related to resolution logic, I think @trust1995 has a point here. Re-orgs are often times out of the control of a user, and in optimisms case, this directly leads to a serious inconsistency where user would dispute a claim incorrectly (although there are safeguards). I believe that re-org issues exception could be re-considered for sherlock's scope in the future, possibly a proposal could be put up to address this per discussed, especially so when a fund loss impact is involved. |
I understand that re-org attacks are possibly more interesting to L1's or L2's than the average protocol. However, using the same judging rules as every Watson used during the contest, it would only be fair to invalidate it. As the language is clear
|
@Evert0x The language is clear, but guidelines always have exceptions. It is up to the judge to apply common sense and the contest-specific context to every verdict. Blindly following every rule will lead to injustice and counterexamples where an impact is clearly real and valuable, but is not rewarded. That is well understood in the Sherlock rulebook:
The chain re-org and liveness rule already has an exception.
The submission abides by all the criteria for that exception except the network (mainnet) does not have an admin. The intention around that criteria is that because there's no admin, we can assume actors can wait for finality before submitting a transaction, and they could not get attacked. However in the Optimism codebase, we have shown the game clock forces honest parties to respond before blocks are finalized, re-opening the vector. It is very clear that the combination of the impact, simple code fix, execution before finality, and ease of exploit make an extremely sound case for Medium severity. Judging is not clerk work, it requires making nuanced decisions and not continuously falling back on previous decisions, which were made with different contexts. Apply common sense, and determine if the submission is worthy of H/M. |
Result: The judges have the last of opinion but objectivity is held to a high regard. As the language is so clear, I believe it's the correct judgment |
Escalations have been resolved successfully! Escalation status:
|
This was initially deemed invalid by a strict interpretation of our judging guidelines ("Chain re-org and network liveness related issues are not considered valid."). This rule exists as the "blockchain is trusted" from the perspective of app builders. However, a different trust level applies when building an L1/L2. After a discussion with the lead judge and the protocol team I'm assigning Medium severity. |
The protocol team fixed this issue in the following PRs/commits: |
Trust
high
Loss of bond amounts on re-org attacks
Summary
The
move()
function lacks proper identification of the target of the move, leading to successful re-org attacks which can take the honest participant's funds.Vulnerability Detail
Participants in the game can call
attack()
,defend()
ormove()
, each accepting aparentIndex
which corresponds to the claim being challenged, and a_claim
commitment.When participants claim, they have a particular claim in mind which they wish to challenge, and then pass on that claim's index. However, between the moment they sent the TX and the moment that TX is executed, a block reorg can take place. When it occurs, the challenge corresponding to that ID may change to another challenge, which may be valid or invalid in a different way. Regardless, the participant's commitment to that
move()
will be wrong, and they stand to lose their bond amount.Chain reorgs are very prevalent in Ethereum mainnet, where the contract is deployed. You can check this index of reorged blocks on etherscan. It is incorrect to assume the attacker will wait until it achieved finality, because there's no warnings or documentation available for them to identify this as a threat. Therefore, it remains a very valid concern with reasonable hypotheticals.
Note that in high depths, the bond amount is very large, leading to a large loss of funds.
Possible flow:
Impact
Loss of bond value for honest participants of the dispute game.
Code Snippet
Tool used
Manual Review
Recommendation
Every move needs to include the key parameters which it wishes to attack/defend - the claim hash and the Position in the game tree.
The text was updated successfully, but these errors were encountered: