fix: remove onchain vulnerability in gather fuel (fuel can be stolen) #109
+47
−25
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ship equals fuel provided by pellet. now all tests pass.
scarmuega
reviewed
Dec 10, 2024
Comment on lines
+175
to
+180
|
|
||
| // gathered fuel amount must be equal to amount provided by pellet | ||
| let pellet_purpose = Spend(pellet_input.output_reference) | ||
| let pellet_redeemer: Data = Provide(amount) | ||
| expect pairs.get_all(redeemers, pellet_purpose) == [pellet_redeemer] | ||
|
|
There was a problem hiding this comment.
One of the requirements is to be able to gather less than the available pellet fuel. This is useful if you're reaching the max amount of fuel permitted by the ship.
Would this changes still support that case?
franciscojoray
requested review from
franciscojoray
and removed request for
scarmuega
franciscojoray
approved these changes
Jan 29, 2025
franciscojoray
requested review from
franciscojoray
and removed request for
franciscojoray
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In a gather fuel operation, current validation doesn't check that the amount of fuel provided by the pellet is equal to the amount of fuel gathered by the ship. So, all fuel from both the pellet and the ship can be extracted to a wallet. Example:
https://preview.cexplorer.io/tx/a53aa9ba30e6ce6168403765fd103d73db86ed1b207e950a3ac542dbcce951b1
For the same reason, it is also possible to add external fuel to any ship. Example: https://discord.com/channels/946071061567529010/1214742273871319040/1315704064620630066
In this PR I provide the fix by checking that the amounts in both redeemers match. Another possible solution is to remove the amounts in the redeemers and do the checks over the values directly.
I also provide a couple of tests for the fix.