Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Incorrect merkle validation in `process_deposit` #703

Closed
gnattishness opened this issue Jan 28, 2020 · 2 comments
Closed

Incorrect merkle validation in `process_deposit` #703

gnattishness opened this issue Jan 28, 2020 · 2 comments

Comments

@gnattishness
Copy link
Contributor

@gnattishness gnattishness commented Jan 28, 2020

What is wrong?

process_deposit accepts deposits with an invalid merkle proof as valid

if not is_valid_merkle_branch(
hash_tree_root(deposit.getDepositMessage),
deposit.proof,
DEPOSIT_CONTRACT_TREE_DEPTH,
state.eth1_deposit_index,
state.eth1_data.deposit_root,
):
## TODO: a notice-like mechanism which works in a func
## here and elsewhere, one minimal approach is a check-if-true
## and return false iff so.
## obviously, better/more principled ones exist, but
## generally require broader rearchitecting, and this is what
## mostly happens now, just haphazardly.
discard

How can it be fixed

  1. process_deposit should fail if is_valid_merkle_branch() is false e.g. return false
  2. is_valid_merkle_branch() should be called with depth=DEPOSIT_CONTRACT_TREE_DEPTH + 1 according to the spec (https://github.com/ethereum/eth2.0-specs/blob/v0.10.1/specs/phase0/beacon-chain.md#deposits)

How it was found

Discovered via beacon-fuzz (initial testing of deposit fuzzer).
Triggering case: nim-deposit-crash-5d4907f2962783d3806b93bfe1a5f4c808b1c3bf with the following beacon_states
Or the pre-processed input deposit_preprocessed_invalid_merkle.ssz can be directly passed to the nimbus harness nfuzz_deposit

@djrtwo

This comment has been minimized.

Copy link
Contributor

@djrtwo djrtwo commented Jan 28, 2020

Interesting, we have a case to cover an invalid merkle branch in the consensus tests here -- https://github.com/ethereum/eth2.0-specs/blob/7b76808a1c28dc44d449dee7619e301130066959/tests/core/pyspec/eth2spec/test/phase_0/block_processing/test_process_deposit.py#L228-L240

I'll see if I can figure out what the difference between this case is and why it's not adequately covered in our vectors

@tersec

This comment has been minimized.

Copy link
Contributor

@tersec tersec commented Jan 30, 2020

Feel free to re-open if this doesn't fix things.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
You can’t perform that action at this time.