Category: Coding Mistakes
Swap claim proof panic
High Severity
High Impact
High Likelihood
Description
The verify method of the SwapClaim proof ensures certain conditions with expect statements instead of returning an error. Many of these conditions are checks on user-provided input.
These expects are user-reachable; as such, a user could cause a panic and crash a node.
    pub fn verify(
        &self,
        vk: &PreparedVerifyingKey<Bls12_377>,
        public: SwapClaimProofPublic,
    ) -> anyhow::Result<()> {
        let proof =
            Proof::deserialize_compressed_unchecked(&self.0[..]).map_err(|e| anyhow::anyhow!(e))?;
        let mut public_inputs = Vec::new();
        public_inputs.extend(
            Fq::from(public.anchor.0)
                .to_field_elements()
                .expect("Fq types are Bls12-377 field members"),
        );
        ...
    }
Impact
Malicious attackers could supply inputs that could crash the node and cause a chain halt.
Recommendations
Change the expects to return Results instead to avoid these panics.
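The recommended change in miniature, as an added example that is not Penumbra's code. MODULUS, to_field_elements and check_proof are constructed stand-ins using only the standard library, and the error type is a plain String rather than anyhow.

```rust
use std::panic;

// Toy modulus standing in for a real field modulus (constructed value).
const MODULUS: u64 = 0xffff_fffb;

// Hypothetical conversion of user-supplied bytes into field elements.
// Returns None for a bad length or a limb that is not below MODULUS.
fn to_field_elements(input: &[u8]) -> Option<Vec<u64>> {
    if input.is_empty() || input.len() % 8 != 0 {
        return None;
    }
    input
        .chunks_exact(8)
        .map(|c| {
            // Little-endian decode of one 8-byte limb.
            let limb = c.iter().rev().fold(0u64, |acc, &b| (acc << 8) | u64::from(b));
            (limb < MODULUS).then_some(limb)
        })
        .collect()
}

// Placeholder for the real proof check; always succeeds (not a verifier).
fn check_proof(_inputs: &[u64]) -> Result<(), String> {
    Ok(())
}

// Before: the condition is enforced with expect, so bad input panics.
fn verify_panicking(anchor: &[u8]) -> Result<(), String> {
    let elems = to_field_elements(anchor).expect("anchor is a field member");
    check_proof(&elems)
}

// After: the same condition surfaces as an Err the caller can reject.
fn verify_checked(anchor: &[u8]) -> Result<(), String> {
    let elems = to_field_elements(anchor)
        .ok_or_else(|| String::from("anchor is not a valid field element"))?;
    check_proof(&elems)
}

fn main() {
    let bad = [0xffu8; 8]; // constructed input: limb is not below MODULUS
    let crashed = panic::catch_unwind(|| verify_panicking(&bad)).is_err();
    println!("expect version panicked: {}", crashed);
    println!("checked version: {:?}", verify_checked(&bad));
    println!("valid input: {:?}", verify_checked(&7u64.to_le_bytes()));
}
```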
Remediation
This issue has been acknowledged by Penumbra Labs, and a fix was implemented in commit fc9fbec7.