CVE-2022-28937
FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via an invalid proposal with an invalid header, will cause normal nodes to stop producing new blocks and processing new clients' requests...
Vetoer can veto a non-existent proposal
Vulnerability details. Impact: Vetoer is allowed to veto an invalid proposalId, which would prevent that proposal from getting votes, queued or executed. Proof of Concept: Here is the veto function: function veto(NounsDAOStorageV3.StorageV3 storage ds, uint256 proposalId) external { if...
Only the state() of the latest proposal can be checked
Vulnerability details. Impact: state function cannot view the state from any proposal except for the latest one. Proof of Concept: requireproposalCount = proposalId && proposalId initialProposalId, "GovernorBravo::state: invalid proposal id"; Currently proposalCount needs to be bigger ...
PT-2022-19321 · Unknown · Fisco-Bcos
Name of the Vulnerable Software and Affected Versions: FISCO-BCOS version release-3.0.0-rc2. Description: The issue allows a malicious node to cause normal nodes to stop producing new blocks and processing new clients' requests by sending an invalid proposal with an invalid header. Recommendations...