2 matches found
Malicious operators within epoch can not be manually invalidated
Lines of code Vulnerability details Impact Messages are verified and validated by a set of operators. Operators their weights and threshold are defined per epoch and stored as a hash. Transferring operatorship which means creating a new set of valid operators creates a new epoch. Operator sets th...
Malicious relayer can execute stale transactions by spoofing validator weights/threshold in proof
Lines of code Vulnerability details Impact Transaction is submit with wrong validator information, allowing stale commands to be executed Proof of Concept This vulnerability is a result of allowing msg.sender to provide key information identifying operators. First we need to understand how the...