Code4rena (code423n4): CODE423N4:2022-10-ZKSYNC-FINDINGS-ISSUES-240
Nov 09, 2022 - 12:00 a.m.

Validator can revert block at no cost.

github.com
validator dishonesty mitigation

Lines of code

Vulnerability details

Impact

Validator can revert block at no cost.

Proof of Concept

The validator should only call this function in Executor.sol to revert the unexecuted blocks if the blocks are really not executable.

/// @notice Reverts unexecuted blocks
/// @param _newLastBlock block number after which blocks should be reverted
/// NOTE: Doesn't delete the stored data about blocks, but only decreases
/// counters that are responsible for the number of blocks
function revertBlocks(uint256 _newLastBlock) external nonReentrant onlyValidator {
	require(s.totalBlocksCommitted > _newLastBlock, "v1"); // the last committed block is less new last block
	uint256 newTotalBlocksCommitted = _maxU256(_newLastBlock, s.totalBlocksExecuted);

	if (newTotalBlocksCommitted < s.totalBlocksVerified) {
		s.totalBlocksVerified = newTotalBlocksCommitted;
	}
	s.totalBlocksCommitted = newTotalBlocksCommitted;

	emit BlocksRevert(s.totalBlocksCommitted, s.totalBlocksVerified, s.totalBlocksExecuted);
}

However, a dishonest validator can just call this function to revert a valid executable block at no cost.

Tools Used

Manual Review

Recommended Mitigation Steps

The cost for a dishonest validator is minimal, even nothing. The worst thing is that the validator is removed as a validator, but the project still needs to spend resources to remedy the damage left by validators. I think if the team lets validators stake tokens and slashes the token reward if a validator misbehaves, that would contain validators’ dishonest behavior.


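For anyone monitoring the contract, the sketch below models the counter arithmetic of revertBlocks quoted above and audits the fields of the resulting BlocksRevert event against the counters seen before the call. It is an added example, not code from the report or from the zkSync repository; the Python names, the sample counter values and the "needs_review" heuristic are assumptions made for illustration.

```python
from dataclasses import dataclass, replace


@dataclass
class ExecutorState:
    """Mirror of s.totalBlocksCommitted / Verified / Executed from the page."""
    committed: int
    verified: int
    executed: int


def revert_blocks(s: ExecutorState, new_last_block: int) -> tuple:
    """Python model of revertBlocks; returns the BlocksRevert event fields."""
    if not s.committed > new_last_block:
        raise ValueError("v1")  # same condition as the require() in the contract
    # Executed blocks are never rewound: the floor is totalBlocksExecuted.
    new_committed = max(new_last_block, s.executed)
    if new_committed < s.verified:
        s.verified = new_committed
    s.committed = new_committed
    return (s.committed, s.verified, s.executed)


def audit_revert(before: ExecutorState, event: tuple) -> dict:
    """Compare the pre-call counters with a BlocksRevert event."""
    committed, verified, _executed = event
    dropped_verified = before.verified - verified
    return {
        "dropped_committed": before.committed - committed,
        "dropped_verified": dropped_verified,
        # Assumed heuristic (not from the report): discarding blocks that had
        # already been verified is the case worth escalating to a human.
        "needs_review": dropped_verified > 0,
    }


def run_sample() -> list:
    """Constructed sample: two reverts from the same starting counters."""
    results = []
    for target in (9, 3):
        state = ExecutorState(committed=10, verified=8, executed=5)
        before = replace(state)  # snapshot, because revert_blocks mutates
        results.append(audit_revert(before, revert_blocks(state, target)))
    return results


if __name__ == "__main__":
    for row in run_sample():
        print(row)
```

Nothing in the modelled function checks why a block is being reverted, so the only signal available to an observer is how far the counters moved.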