Description

The oracle outlier resolver puzzle communicates with the oracle by generating a condition as follows.

(list SEND_MESSAGE
  0x3f
  (concat "C" (sha256tree new_temp_ban_list) decision cooldown_interval amount)
  oracle_coin_id
)

We note that this message is generally not considered a protocol message, despite beginning with the prefix C. This is because only messages of length 33 are considered privileged.

(defun-inline is-valid-msg-cond (condition_body)
  (not
    (and
      (l condition_body)
      (l (r condition_body))
      (not (l (f (r condition_body))))
      (= (strlen (f (r condition_body))) 33)
      (= (substr (f (r condition_body)) 0 1) PROTOCOL_PREFIX)
    )
  )
)

Impact

This may be risky when maintaining the protocol, especially if condition filtering is added, as suggested in Finding . Namely, if the standard utilities for approving messages are used, the spender may be able to forge a protocol message.

Recommendations

We recommend including all components of the outlier resolution message inside the hash.

Remediation

This issue has been acknowledged by Voltage Technologies Ltd., and a fix was implemented in commit 8f4f1233↗.