Unverified solution parameters in announcer_registry
could lead to loss of rewards
Description
Announcers can periodically claim rewards from the announcer registry. These rewards are in the form of CRT tokens that are minted by the registry. When a reward claim is made, the rewards are automatically distributed to all the registered announcers. The MINT
operation, which is used to distribute rewards, expects the caller to include the following solution parameters (along with lineage and the opcode of the operation):
statutes_inner_puzzle_hash
statutes_price_updates
crt_credits_per_interval
claim_interval
issuance_coin_info
cat_mod_hash
crt_tail_hash
change_receiver_hash
offer_mod_hash
The operation calculates the rewards to be distributed per announcer and then calculates the issuance coin ID to which it sends the message to issue CRT tokens. Then it finally asserts announcement from the CAT with offer_mod_hash
as the inner puzzle to verify that the rewards are correctly distributed as follows:
issuance_coin_id (calculate-coin-id
(f issuance_coin_info)
(curry_hashes cat_mod_hash
(sha256 ONE cat_mod_hash)
(sha256 ONE crt_tail_hash)
(f (r issuance_coin_info))
)
(f (r (r issuance_coin_info)))
)
; ...
(list SEND_MESSAGE 0x3f
(concat
PROTOCOL_PREFIX
(sha256tree (c STATUTES_STRUCT (c offer_mod_hash crt_credits_per_interval)))
)
issuance_coin_id
)
; ...
(list ASSERT_PUZZLE_ANNOUNCEMENT
(sha256
(curry_hashes cat_mod_hash
(sha256 ONE cat_mod_hash)
(sha256 ONE crt_tail_hash)
offer_mod_hash
)
(sha256tree
(c
0 ; nonce
(generate-offer-assert
ANNOUNCER_REGISTRY
(/ crt_credits_per_interval announcers_count)
(if (> change_amount 0)
; we reward the mint spender with remainder if any
(list
(list
change_receiver_hash
change_amount
(list change_receiver_hash)
)
)
()
)
)
)
)
)
)
The parameters cat_mod_hash
, crt_tail_hash
, and issuance_coin_info
are provided via the solution parameters and could be different from the values expected. A malicious user could therefore grief the legitimate announcers by providing incorrect values of cat_mod_hash
, crt_tail_hash
, and issuance_coin_info
and receiving/announcing the messages from fake puzzles such that the coin spend does not fail.
Impact
Legitimate announcers might lose their rewards due to the malicious solution parameters.
Recommendations
We recommend to verify the validity of cat_mod_hash
and crt_tail_hash
from statutes announcements.
Remediation
This issue has been acknowledged by Voltage Technologies Ltd., and a fix was implemented in commit 3818d5ba↗.