Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Blobstream X>Discussion>Tendermint X
GeneralOverview
Findings
Critical (5)
Low (1)
Informational (2)
DiscussionTendermint XConfusing variable names
Audit ResultsSummary

Dependency on soundness of Tendermint X circuits

The in-scope CombinedSkipCircuit and CombinedStepCircuit circuits of the Blobstream X project build upon the TendermintSkipCircuit and TendermintStepCircuit circuits of the Tendermint X project in a crucial way. Vulnerabilities in those Tendermint X circuits could significantly impact soundness of the Blobstream X circuits that we audited.

As Tendermint X was not in scope for this audit, we did not review Tendermint X code. However, while trying to answer the question of whether the TendermintSkipCircuit's skip function constrains the end-block height to be larger than the start-block height (which was relevant for the in-scope CombinedSkipCircuit circuit, see Finding ref, but not clear from the name), we found two bugs in the Tendermint X circuits, described in Findings ref and ref, with Finding ref having critical impact. As we found these issues by coincidence while only skimming a small part of the Tendermint X circuit code, it appears plausible that there could be further significant vulnerabilities in the Tendermint X circuits. We thus recommend to have the TendermintSkipCircuit and TendermintStepCircuit circuits of the Tendermint X project reaudited prior to deploying Blobstream X.

Zellic © 2024Back to top ↑