Category: Business Logic

Unverified solution parameters in announcer_registry could lead to loss of rewards

Severity: High
Impact: High
Likelihood: Medium

Description

Announcers can periodically claim rewards from the announcer registry. These rewards are in the form of CRT tokens that are minted by the registry. When a reward claim is made, the rewards are automatically distributed to all the registered announcers. The MINT operation, which is used to distribute rewards, expects the caller to include the following solution parameters (along with lineage and the opcode of the operation):

statutes_inner_puzzle_hash
statutes_price_updates
crt_credits_per_interval
claim_interval
issuance_coin_info
cat_mod_hash
crt_tail_hash
change_receiver_hash
offer_mod_hash

The operation calculates the rewards to be distributed per announcer and then calculates the ID of the issuance coin, to which it sends the message to issue CRT tokens. Finally, it asserts a puzzle announcement from the CAT with offer_mod_hash as the inner puzzle to verify that the rewards are correctly distributed, as follows:

issuance_coin_id (calculate-coin-id
  (f issuance_coin_info)
  (curry_hashes cat_mod_hash
    (sha256 ONE cat_mod_hash)
    (sha256 ONE crt_tail_hash)
    (f (r issuance_coin_info))
  )
  (f (r (r issuance_coin_info)))
)

; ...

(list SEND_MESSAGE 0x3f
  (concat
    PROTOCOL_PREFIX
    (sha256tree (c STATUTES_STRUCT (c offer_mod_hash crt_credits_per_interval)))
  )
  issuance_coin_id
)

; ...

(list ASSERT_PUZZLE_ANNOUNCEMENT
  (sha256
    (curry_hashes cat_mod_hash
      (sha256 ONE cat_mod_hash)
      (sha256 ONE crt_tail_hash)
      offer_mod_hash
    )
    (sha256tree
      (c
        0 ; nonce
        (generate-offer-assert
          ANNOUNCER_REGISTRY
          (/ crt_credits_per_interval announcers_count)
          (if (> change_amount 0)
            ; we reward the mint spender with remainder if any
            (list
              (list
                change_receiver_hash
                change_amount
                (list change_receiver_hash)
              )
            )
            ()
          )
        )
      )
    )
  )
)

The parameters cat_mod_hash, crt_tail_hash, and issuance_coin_info are supplied through the solution and could differ from the expected values. A malicious user could therefore grief the legitimate announcers by providing incorrect values of cat_mod_hash, crt_tail_hash, and issuance_coin_info, so that the messages are received and announced by fake puzzles and the coin spend does not fail.

Impact

Legitimate announcers might lose their rewards due to the malicious solution parameters.

Recommendations

We recommend verifying the validity of cat_mod_hash and crt_tail_hash from statutes announcements.
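The following Python model is an added example, not Circuit DAO code. It shows why the issuance coin ID follows whatever cat_mod_hash and crt_tail_hash the solution supplies, and how comparing them with statutes-committed values rejects a mismatching spend. Assumptions: cat_puzzle_hash is a simplified stand-in for curry_hashes, the statutes values are modeled as a dict, and all function names and sample values are hypothetical.

```python
import hashlib

def sha256(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def amount_bytes(n: int) -> bytes:
    # Minimal signed big-endian encoding of a non-negative coin amount.
    return b"" if n == 0 else n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True)

def cat_puzzle_hash(cat_mod_hash: bytes, tail_hash: bytes, inner_puzzle_hash: bytes) -> bytes:
    # Simplified stand-in for curry_hashes: it binds the same four inputs as the
    # excerpt above, but it is NOT the real curried-puzzle tree hash.
    return sha256(b"curry-stand-in", cat_mod_hash, sha256(b"\x01", cat_mod_hash),
                  sha256(b"\x01", tail_hash), inner_puzzle_hash)

def issuance_coin_id(info, cat_mod_hash: bytes, crt_tail_hash: bytes) -> bytes:
    # Coin ID = sha256(parent coin ID || puzzle hash || amount).
    parent_id, inner_puzzle_hash, amount = info
    puzzle_hash = cat_puzzle_hash(cat_mod_hash, crt_tail_hash, inner_puzzle_hash)
    return sha256(parent_id, puzzle_hash, amount_bytes(amount))

def unverified_fields(solution: dict, statutes: dict) -> list:
    # Names of solution fields that differ from the statutes-committed values.
    return [k for k in ("cat_mod_hash", "crt_tail_hash") if solution[k] != statutes[k]]

def mint_target(solution: dict, statutes: dict = None) -> bytes:
    # statutes=None models the unverified behaviour described in this finding;
    # passing statutes models the recommended check before the ID is derived.
    if statutes is not None:
        bad = unverified_fields(solution, statutes)
        if bad:
            raise ValueError("solution does not match statutes: " + ", ".join(bad))
    return issuance_coin_id(solution["issuance_coin_info"],
                            solution["cat_mod_hash"], solution["crt_tail_hash"])

# Constructed sample values, for illustration only.
STATUTES = {"cat_mod_hash": sha256(b"genuine CAT mod"),
            "crt_tail_hash": sha256(b"genuine CRT tail")}
INFO = (sha256(b"parent coin"), sha256(b"issuance inner puzzle"), 1000)
HONEST = {**STATUTES, "issuance_coin_info": INFO}
MISMATCHED = {"cat_mod_hash": sha256(b"other mod"),
              "crt_tail_hash": sha256(b"other tail"), "issuance_coin_info": INFO}

if __name__ == "__main__":
    print("honest target:    ", mint_target(HONEST, STATUTES).hex())
    print("unverified target:", mint_target(MISMATCHED).hex())
    print("fields rejected:  ", unverified_fields(MISMATCHED, STATUTES))
```
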

Remediation

This issue has been acknowledged by Voltage Technologies Ltd., and a fix was implemented in commit 3818d5ba.

Zellic © 2025