Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unsafe MASP Transaction Validation #1374

Closed
Tracked by #2020
murisi opened this issue May 15, 2023 · 1 comment
Closed
Tracked by #2020

Unsafe MASP Transaction Validation #1374

murisi opened this issue May 15, 2023 · 1 comment
Assignees
@murisi
Labels
bug Something isn't working MASP security

Comments

@murisi
Copy link
Collaborator

murisi commented May 15, 2023

Some of the code executed during MASP transaction validation is unsafe and could be exploited to crash a node. More specifically, the following lines may be problematic:

  • Spend description zero-knowledge proof reading at:

    namada/shared/src/ledger/masp.rs

    Line 101 in 8e830ef

    bellman::groth16::Proof::read(spend.zkproof.as_slice()).unwrap();
    . A client may inadvertently or maliciously place an invalid spend description ZK-proof into a transaction causing a node to crash. More specifically, placing invalid group elements into the ZK-proof could trigger crashing.
  • Analogous issue to above, but for output descriptions at:

    namada/shared/src/ledger/masp.rs

    Line 121 in 8e830ef

    bellman::groth16::Proof::read(output.zkproof.as_slice()).unwrap();
  • Analogous issue to above, but for convert descriptions at:

    namada/shared/src/ledger/masp.rs

    Line 138 in 8e830ef

    bellman::groth16::Proof::read(convert.zkproof.as_slice()).unwrap();
  • Spend authorization signature extraction at:

    namada/shared/src/ledger/masp.rs

    Line 108 in 8e830ef

    spend.spend_auth_sig.unwrap(),
    . A missing spend authorization signature in a transaction spend description may cause a node to crash.

Additionally, while the type conversion of sighashes (at

namada/shared/src/ledger/masp.rs

Line 156 in 8e830ef

.unwrap();
) is probably valid, it will crash a node if the MASP crate returns a vector with unexpected length. Maybe it would be better to just log an error and reject a transaction triggering this (hopefully impossible) condition?

These are the unsafe operations (acting on untrusted inputs) I've seen so far. cc @gijswijs @juped
@murisi murisi added the bug Something isn't working label May 15, 2023
@murisi murisi self-assigned this May 15, 2023
@murisi murisi added the MASP label May 15, 2023
@murisi murisi mentioned this issue May 15, 2023
Closed
@murisi murisi mentioned this issue May 24, 2023
Merged
@cwgoes cwgoes mentioned this issue Oct 20, 2023
Closed
20 tasks
@cwgoes cwgoes mentioned this issue Nov 5, 2023
Closed
7 tasks
@grarco
Copy link
Collaborator

grarco commented Dec 28, 2023

@murisi I actually think this has already been solved and can be closed

@cwgoes cwgoes closed this as completed Feb 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@murisi murisi

Labels
bug Something isn't working MASP security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@murisi @cwgoes @grarco