Code4rena finding CODE423N4:2023-05-BASE-FINDINGS-ISSUES-57

Incorrect DAG generation result caused by index overflow

Published: 2023-06-04 00:00:00
Source: Code4rena (github.com)

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS: 0.001 Low
Percentile: 38.5%

Lines of code

Vulnerability details

Incorrect DAG generation result caused by index overflow

We recently found that the optimism@382d38b repository has a flaw in DAG generation for ethash mining, which will cause miners to erroneously calculate PoW in an upcoming epoch. Specifically, if the DAG size exceeds the maximum 32-bit unsigned value, the DAG generation will produce incorrect results due to an index overflow.

The consequence of this vulnerability is the same as CVE-2020-26240.

The problem lies in lines 307-311 and line 316 of l2geth/consensus/ethash/algorithm.go. Substituting uint64 for uint32 could fix the issue.

Reported by 6004ed5feaa31ae9df36b5dbc60f0fa53255a5fb734334082c6d202405fc738c.

Assessed type

Under/Overflow
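
The class of bug described in this finding, as an added Go example that is not the l2geth code: a byte offset computed in uint32 wraps once the dataset passes 2^32 bytes, while widening to uint64 first does not. The function names are hypothetical and the 64-byte item size is an assumption of the example.

```go
package main

import "fmt"

// itemBytes is the size of one dataset item in bytes.
// Assumption for this example: 64, the ethash hash size.
const itemBytes = 64

// offset32 computes an item's byte offset entirely in uint32, so the
// product wraps modulo 2^32 (the flawed pattern).
func offset32(index uint32) uint32 { return index * itemBytes }

// offset64 widens the index before multiplying, so no wrap occurs.
func offset64(index uint32) uint64 { return uint64(index) * itemBytes }

// misplacedItems reports, for a dataset of size bytes, how many items would
// be written at a wrapped offset with 32-bit math and the first such index.
func misplacedItems(size uint64) (count, first uint64) {
	items := size / itemBytes
	wrapAt := (uint64(1) << 32) / itemBytes
	if items <= wrapAt {
		return 0, 0
	}
	return items - wrapAt, wrapAt
}

func main() {
	// Constructed sizes: exactly 4 GiB, and 4 GiB plus two items.
	for _, size := range []uint64{4 << 30, 4<<30 + 128} {
		n, first := misplacedItems(size)
		fmt.Printf("size=%d misplaced=%d first=%d\n", size, n, first)
	}
	idx := uint32(1 << 26) // first index whose offset needs 33 bits
	fmt.Printf("index=%d offset32=%d offset64=%d\n", idx, offset32(idx), offset64(idx))
}
```

A wrapped offset lands on a slot near the start of the dataset, so the affected items overwrite earlier ones instead of extending it.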

