Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RandomizerVRF.sol: malicious function admin can set invalid keyhash to DoS randomness generation #1704

Closed
c4-submissions opened this issue Nov 13, 2023 · 5 comments
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working edited-by-warden sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue sufficient quality report This report is of sufficient quality unsatisfactory does not satisfy C4 submission criteria; not eligible for awards

Comments

@c4-submissions
Copy link
Contributor

c4-submissions commented Nov 13, 2023

Lines of code

https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/RandomizerVRF.sol#L79-L82
https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/RandomizerVRF.sol#L52-L63

Vulnerability details

Impact

Malicious function admin can set an invalid keyhash so that randomness generation will be DoSed. The idea is similar to this finding: code-423n4/2022-12-forgeries-findings#101

Proof of Concept

Malicious function admin can call updatecallbackGasLimitAndkeyHash() to set an invalid keyhash:

    function updatecallbackGasLimitAndkeyHash(uint32 _callbackGasLimit, bytes32 _keyHash) public FunctionAdminRequired(this.updatecallbackGasLimitAndkeyHash.selector){
        callbackGasLimit = _callbackGasLimit;
        keyHash = _keyHash;
    }

This keyhash will be used to send randomness generation requests to Chainlink VRF:

    function requestRandomWords(uint256 tokenid) public {
        require(msg.sender == gencore);
        uint256 requestId = COORDINATOR.requestRandomWords(
            keyHash,
            s_subscriptionId,
            requestConfirmations,
            callbackGasLimit,  
            numWords
        );
        tokenToRequest[tokenid] = requestId;
        requestToToken[requestId] = tokenid;
    }

Since there is no check on validity of keyhash, calls to requestRandomWords() will always revert if keyHash is invalid, hence randomness generation will be DoSed.

Tools Used

Manual review

Recommended Mitigation Steps

Validate keyhash inside updatecallbackGasLimitAndkeyHash(). Compare the new keyhash with a whitelisted possible keyhashes.

Assessed type

Invalid Validation

@c4-submissions c4-submissions added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Nov 13, 2023
c4-submissions added a commit that referenced this issue Nov 13, 2023
@c4-pre-sort
Copy link

141345 marked the issue as sufficient quality report

@c4-pre-sort c4-pre-sort added the sufficient quality report This report is of sufficient quality label Nov 16, 2023
@c4-sponsor
Copy link

a2rocket (sponsor) disputed

@c4-sponsor c4-sponsor added the sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue label Nov 24, 2023
@a2rocket
Copy link

admins are trusted roles.

@alex-ppg
Copy link

alex-ppg commented Dec 7, 2023

The Warden specifies that an administrator can set an invalid key hash for Chainlink requests, falling under the category of reckless administrator mistakes per the relevant SC ruling as there is no incentive for the administrator to do so. Such a submission is relevant in an Analysis report and irrelevant when assessing actual vulnerabilities of the protocol.

The precedence cited is of a project over a year ago when Analysis reports were not an option / dedicated section of the fund pool. As such, I do not consider the citation valid and maintain my "invalid" judgment.

@c4-judge c4-judge closed this as completed Dec 7, 2023
@c4-judge
Copy link

c4-judge commented Dec 7, 2023

alex-ppg marked the issue as unsatisfactory:
Invalid

@c4-judge c4-judge added the unsatisfactory does not satisfy C4 submission criteria; not eligible for awards label Dec 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working edited-by-warden sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue sufficient quality report This report is of sufficient quality unsatisfactory does not satisfy C4 submission criteria; not eligible for awards
Projects
None yet
Development

No branches or pull requests

7 participants