Category: Coding Mistakes

Missing condition filters in outlier resolver

Critical Severity
High Impact
Low Likelihood

Description

The Circuit protocol has an oracle that grabs data from approved announcers. During mutations, if an outlier is detected, price updates are halted while governance is given a chance to resolve the issue. In particular, users can vote on a decision (whether to accept the price) and indicate whether some announcers are to be temporarily banned.

These votes are cast with the oracle outlier resolver CRT coin, which, when spent, announces the decision and ban list, its balance, and the time since the coin's creation.

The puzzle will also include in its conditions the output of the owner's solution to the inner puzzle. These conditions are not filtered.

Impact

As a result, the owner of the coin can insert arbitrary messages into the spend conditions. These include SEND_MESSAGE conditions that announce an incorrect balance. Thus, the owner can vote as if they had more shares.

(c
  ; ensure this coin was created before the cooldown interval
  (list ASSERT_SECONDS_RELATIVE cooldown_interval)
  (c
    ; ensure the amount is correct
    (list ASSERT_MY_AMOUNT amount)
    (if oracle_coin_id
      ; confirm this coin was spent with correct params
      (c
        (list SEND_MESSAGE
          0x3f
          (concat "C" (sha256tree new_temp_ban_list) decision cooldown_interval amount)
          oracle_coin_id
        )
        (a INNER_PUZZLE inner_solution)
      )
      ; just run the inner solution if no oracle coin id
      ; to allow the owner to exit this puzzle or change the inner puzzle
      (a INNER_PUZZLE inner_solution)
    )
  )
)

This can be accomplished either by pointing oracle_coin_id to a coin controlled by the owner (which can hence accept the message) or by setting it to 0, nil, and so on.

Recommendations

We recommend filtering the conditions of the inner puzzle to prevent the owner from inserting arbitrary messages. Note Finding .
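
The following Python model is an added example, not Circuit's Chialisp and not the fix in the commit referenced under Remediation; it builds the condition list the resolver puzzle outputs, with and without a filter over the inner puzzle's conditions. The function names, the set of rejected opcodes, the choice to fail the spend rather than drop the condition, the integer encoding, and all sample values are assumptions made for the illustration.

```python
import hashlib

# Chia condition opcodes
ASSERT_MY_AMOUNT, ASSERT_SECONDS_RELATIVE = 73, 80
SEND_MESSAGE, RECEIVE_MESSAGE = 66, 67
# Assumption: the filter rejects both message opcodes from the inner puzzle.
BLOCKED = {SEND_MESSAGE, RECEIVE_MESSAGE}

def atom(n: int) -> bytes:
    """Non-negative int as a minimal big-endian signed CLVM-style atom."""
    return n.to_bytes((n.bit_length() + 8) // 8, "big") if n else b""

def vote_message(ban_hash: bytes, decision: int, cooldown: int, amount: int) -> bytes:
    # Mirrors (concat "C" (sha256tree new_temp_ban_list) decision cooldown_interval amount)
    return b"C" + ban_hash + atom(decision) + atom(cooldown) + atom(amount)

def filter_inner(conditions: list) -> list:
    """Fail the spend if the inner puzzle emits any message condition."""
    for cond in conditions:
        if cond[0] in BLOCKED:
            raise ValueError(f"inner puzzle emitted blocked opcode {cond[0]}")
    return conditions

def resolver_conditions(amount, cooldown, oracle_coin_id, ban_hash, decision,
                        inner, filtered: bool) -> list:
    """Condition list the resolver puzzle outputs, with or without the filter."""
    inner = filter_inner(inner) if filtered else inner
    out = [[ASSERT_SECONDS_RELATIVE, cooldown], [ASSERT_MY_AMOUNT, amount]]
    if oracle_coin_id:
        msg = vote_message(ban_hash, decision, cooldown, amount)
        out.append([SEND_MESSAGE, 0x3F, msg, oracle_coin_id])
    return out + inner

def messages_to(conditions: list, coin_id: bytes) -> list:
    """Messages this spend sends to coin_id."""
    return [c[2] for c in conditions if c[0] == SEND_MESSAGE and c[3] == coin_id]

# Constructed sample values
ORACLE = hashlib.sha256(b"oracle coin").digest()
BAN_HASH = hashlib.sha256(b"ban list").digest()
REAL, CLAIMED, COOLDOWN, ACCEPT = 1_000, 1_000_000, 3600, 1
# Inner-puzzle output claiming CLAIMED while the coin holds REAL; oracle_coin_id is nil.
forged = [[SEND_MESSAGE, 0x3F, vote_message(BAN_HASH, ACCEPT, COOLDOWN, CLAIMED), ORACLE]]

if __name__ == "__main__":
    unfiltered = resolver_conditions(REAL, COOLDOWN, None, BAN_HASH, ACCEPT, forged, False)
    print("unfiltered:", [m.hex() for m in messages_to(unfiltered, ORACLE)])
    try:
        resolver_conditions(REAL, COOLDOWN, None, BAN_HASH, ACCEPT, forged, True)
    except ValueError as e:
        print("filtered:", e)
```

In the unfiltered run, ASSERT_MY_AMOUNT still pins the coin's real amount, yet the only message addressed to the oracle coin carries the claimed amount; with the filter, the same spend fails.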

Remediation

This issue has been acknowledged by Voltage Technologies Ltd., and a fix was implemented in commit 8f4f1233.
