Lucene search
K

4 matches found

Code423n4
Code423n4
added 2022/05/09 12:0 a.m.12 views

updateValset() Insufficient validation of new validator set may brick the contract

Lines of code Vulnerability details In Gravity.solupdateValset, while the signatures of the current validators are verified and = powerThreshold is checked, there is one important validation should be done: check the cumulative power of the new validator set to ensure the contract has sufficient...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/05/09 12:0 a.m.9 views

Missing powerThreshold validation in function updateValset(in Gravity.sol) could cause the contract non-functional

Lines of code Vulnerability details Impact When the cumulative power of validators in newValset is less than or equal to statepowerThreshold, the checkValidatorSignatures function would fail. Eventually, submitBatch, submitLogicCall & updateValset would fail for the new set of validators. This wi...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/05/09 12:0 a.m.14 views

No cumulative power check when updating valset

Lines of code Vulnerability details Impact When batches are submitted by validators in the current valset, they are checked for validity based on signatures and cumulative powers. Each validator in the valset has an associated power which can give certain validators more voting power than others...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/09/08 12:0 a.m.4 views

cumulativePower check should be inclusive

Handle pauliax Vulnerability details Impact Based on my understanding cumulativePower checks should be inclusive to indicate when the threshold is met. Otherwise, there might be impossible to reach it in certain cases e.g. when 100% power is required. Replace '' with '=' in constructor and functi...

6.9AI score
Exploits0
Rows per page
Query Builder