Lucene search

K
githubGitHub Advisory DatabaseGHSA-WPRV-93R4-JJ2P
HistoryJun 19, 2023 - 7:46 p.m.

OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees

2023-06-1919:46:37
CWE-354
GitHub Advisory Database
github.com
15
vulnerability
merkle proof
multiproof
forging
contract
patch
workaround
merkle tree
openzeppelin
tree builder
security fix

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

35.4%

Impact

When the verifyMultiProof, verifyMultiProofCalldata, processMultiProof, or processMultiProofCalldata functions are in use, it is possible to construct merkle trees that allow forging a valid multiproof for an arbitrary set of leaves.

A contract may be vulnerable if it uses multiproofs for verification and the merkle tree that is processed includes a node with value 0 at depth 1 (just under the root). This could happen inadvertently for balanced trees with 3 leaves or less, if the leaves are not hashed. This could happen deliberately if a malicious tree builder includes such a node in the tree.

A contract is not vulnerable if it uses single-leaf proving (verify, verifyCalldata, processProof, or processProofCalldata), or if it uses multiproofs with a known tree that has hashed leaves. Standard merkle trees produced or validated with the @openzeppelin/merkle-tree library are safe.

Patches

The problem has been patched in 4.9.2.

Workarounds

If you are using multiproofs: When constructing merkle trees hash the leaves and do not insert empty nodes in your trees. Using the @openzeppelin/merkle-tree package eliminates this issue. Do not accept user-provided merkle roots without reconstructing at least the first level of the tree. Verify the merkle tree structure by reconstructing it from the leaves.

Affected configurations

Vulners
Node
openzeppelincontracts_upgradeableRange<4.9.2
OR
openzeppelinopenzeppelin_contractsRange<4.9.2

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

35.4%

Related for GHSA-WPRV-93R4-JJ2P