4 matches found
updateValset() Insufficient validation of new validator set may brick the contract
Lines of code Vulnerability details In Gravity.solupdateValset, while the signatures of the current validators are verified and = powerThreshold is checked, there is one important validation should be done: check the cumulative power of the new validator set to ensure the contract has sufficient...
Missing powerThreshold validation in function updateValset(in Gravity.sol) could cause the contract non-functional
Lines of code Vulnerability details Impact When the cumulative power of validators in newValset is less than or equal to statepowerThreshold, the checkValidatorSignatures function would fail. Eventually, submitBatch, submitLogicCall & updateValset would fail for the new set of validators. This wi...
No cumulative power check when updating valset
Lines of code Vulnerability details Impact When batches are submitted by validators in the current valset, they are checked for validity based on signatures and cumulative powers. Each validator in the valset has an associated power which can give certain validators more voting power than others...
cumulativePower check should be inclusive
Handle pauliax Vulnerability details Impact Based on my understanding cumulativePower checks should be inclusive to indicate when the threshold is met. Otherwise, there might be impossible to reach it in certain cases e.g. when 100% power is required. Replace '' with '=' in constructor and functi...