Description

The function addVerificationDetailsInternal does not restrict the maximum size of OriginalData in the VerificationDetails struct. Currently, only a check is performed to ensure that OriginalData is nonempty, and no upper bound is enforced. Attackers could potentially supply extremely large data (e.g., close to the maximum transaction size of ~1 MB) to cause elevated memory usage on nodes.

Although the system's default mempool and gas limits (e.g., max_tx_bytes = 1048576) do mitigate excessively large transactions, repeated submissions of near--maximal-size transactions can still spam transactions with dummy data.

Impact

Attackers with sufficient resources could push repeated large transactions, potentially making nodes unresponsive or causing them to drop legitimate transactions due to limited block space.

Recommendations

Add a limit for the original data and original chain, such as

if len(details.OriginalData) > MaxOriginalDataSize {
    return nil, errors.Wrap(types.ErrInvalidParam, "verification data exceeds maximum allowed size")
}

Remediation

This issue has been acknowledged by Sigma Assets GmbH, and a fix was implemented in commit 5bdea439↗.