Assessment reports>Penumbra>High findings>Swap claim proof panic
Category: Coding Mistakes

Swap claim proof panic

High Severity
High Impact
High Likelihood

Description

The verify method of the SwapClaim proof ensures certain conditions with expect statements instead of returning an error. Many of these conditions are checks on user-provided input.

These expects are user-reachable; as such, a user could cause a panic and crash a node.

pub fn verify(
	&self,
	vk: &PreparedVerifyingKey<Bls12_377>,
	public: SwapClaimProofPublic,
) -> anyhow::Result<()> {
	let proof =
		Proof::deserialize_compressed_unchecked(&self.0[..]).map_err(|e| anyhow::anyhow!(e))?;

	let mut public_inputs = Vec::new();
	public_inputs.extend(
		Fq::from(public.anchor.0)
			.to_field_elements()
			.expect("Fq types are Bls12-377 field members"),
	);
	...
}

Impact

Malicious attackers could supply inputs that could crash the node and cause a chain halt.

Recommendations

Change the expects to return Results instead to avoid these panics.

Remediation

This issue has been acknowledged by Penumbra Labs, and a fix was implemented in commit fc9fbec7.

Zellic © 2025Back to top ↑