[Bug] BatchPropose with invalid transaction can halt the network #2991

Closed
feezybabee opened this issue Jan 11, 2024 · 3 comments · Fixed by AleoNet/snarkVM#2376
Labels
bug Incorrect or unexpected behavior

Comments

@feezybabee

feezybabee commented Jan 11, 2024

https://hackerone.com/reports/2311934

Summary:

BatchPropose with invalid transaction halts the network

Steps To Reproduce:

1. Use this branch: https://github.com/ghostant-1017/snarkOS/tree/demo/invalid_tx
2. Run the devnet script: `.devnet` 
3. Check the logs: `Unable to advance to the next block - Invalid transaction found in the transactions list: Execution verification failed: Failed to verify a transition input`

Proof-of-Concept (PoC)

The BatchPropose with invalid transactions will be certified and the `check_next_block` will fail as the transaction is invalid.

Supporting Material/References:

Logs: https://github.com/ghostant-1017/logs/blob/master/logs-20240111094535.tar.gz

Impact

Summary:

BatchPropose with invalid transaction halts the network

@feezybabee feezybabee added the bug Incorrect or unexpected behavior label Jan 11, 2024
@ghostant-1017
Contributor

Same as the invalid Deployment transaction

@raychu86
Contributor

Please try to reproduce this bug with the changes here - https://github.com/AleoHQ/snarkOS/pull/3083

@raychu86
Contributor

@ghostant-1017 I've created a new proposed fix for this to just do verification for the proposals. Take a look here - https://github.com/AleoHQ/snarkOS/pull/3098. Would be helpful to think about the implications of this fix.
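
A simplified model of the failure reported in this thread, added here as an illustration; it is not code from snarkOS, snarkVM or the linked pull requests. It contrasts signing proposals without checking their transactions against verifying them at proposal time. Every name except `check_next_block`, the 4-validator/3-signature quorum and the sample transactions are assumptions.

```rust
// Toy model with hypothetical names; `valid` stands in for real execution verification.
struct Tx { id: u32, valid: bool }
struct Proposal { txs: Vec<Tx> }

// A validator signs a proposal; with `verify` set it first checks every transaction.
fn sign(p: &Proposal, verify: bool) -> bool {
    !verify || p.txs.iter().all(|t| t.valid)
}

// A proposal is certified once a quorum of validators has signed it (assumed 3 of 4).
fn certify(p: &Proposal, verify: bool) -> bool {
    (0..4).filter(|_| sign(p, verify)).count() >= 3
}

// Block advancement rejects the whole block if any transaction is invalid,
// as in the "Unable to advance to the next block" log line from the report.
fn check_next_block(txs: &[Tx]) -> Result<(), String> {
    match txs.iter().find(|t| !t.valid) {
        Some(t) => Err(format!("Invalid transaction found in the transactions list: {}", t.id)),
        None => Ok(()),
    }
}

// Returns the height reached after processing the proposals in order.
fn run(proposals: &[Proposal], verify: bool) -> u32 {
    let mut height = 0;
    for p in proposals {
        if !certify(p, verify) { continue; } // never certified: dropped, chain moves on
        if check_next_block(&p.txs).is_err() { break; } // certified but unappliable: halt
        height += 1;
    }
    height
}

// Constructed sample: the second proposal carries an invalid transaction.
fn sample() -> Vec<Proposal> {
    vec![
        Proposal { txs: vec![Tx { id: 1, valid: true }] },
        Proposal { txs: vec![Tx { id: 2, valid: false }] },
        Proposal { txs: vec![Tx { id: 3, valid: true }] },
    ]
}

fn main() {
    println!("no verification at signing: height {}", run(&sample(), false));
    println!("verification at signing:    height {}", run(&sample(), true));
}
```

Without verification the invalid proposal is certified and the model stalls at the first block; with verification it never reaches quorum and the later valid proposal is still applied.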
