Unbounded originalData can be provided
Description
The function addVerificationDetailsInternal does not restrict the maximum size of OriginalData in the VerificationDetails struct. Currently, only a check is performed to ensure that OriginalData is nonempty, and no upper bound is enforced. Attackers could potentially supply extremely large data (e.g., close to the maximum transaction size of ~1 MB) to cause elevated memory usage on nodes.
Although the system's default mempool and gas limits (e.g., max_tx_bytes = 1048576) do mitigate excessively large transactions, repeated submissions of near-maximal-size transactions can still be used to spam the chain with dummy data.
Impact
Attackers with sufficient resources could push repeated large transactions, potentially making nodes unresponsive or causing them to drop legitimate transactions due to limited block space.
Recommendations
Add a limit for the original data and original chain, such as:

    if len(details.OriginalData) > MaxOriginalDataSize {
        return nil, errors.Wrap(types.ErrInvalidParam, "verification data exceeds maximum allowed size")
    }
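The recommendation covers both the original data and the original chain. The following is an added example, not the project's code or the fix from the referenced commit, showing one size check for both fields with the boundary cases handled. The limit values, the OriginalChain field name, the field types and the local ErrInvalidParam sentinel are assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// Assumed limits: the page does not give the values used in the fix.
const (
	MaxOriginalDataSize  = 64 * 1024 // bytes
	MaxOriginalChainSize = 64        // bytes
)

// ErrInvalidParam stands in for the module's types.ErrInvalidParam.
var ErrInvalidParam = errors.New("invalid parameter")

// VerificationDetails is a reduced stand-in for the module's struct.
// The OriginalChain field name and both field types are assumptions.
type VerificationDetails struct {
	OriginalChain string
	OriginalData  []byte
}

// ValidateSizes keeps the existing nonempty check and adds upper bounds,
// so oversized input is rejected before it is copied or stored.
func ValidateSizes(d VerificationDetails) error {
	switch {
	case len(d.OriginalData) == 0:
		return fmt.Errorf("%w: verification data is empty", ErrInvalidParam)
	case len(d.OriginalData) > MaxOriginalDataSize:
		return fmt.Errorf("%w: verification data is %d bytes, limit is %d",
			ErrInvalidParam, len(d.OriginalData), MaxOriginalDataSize)
	case len(d.OriginalChain) > MaxOriginalChainSize:
		return fmt.Errorf("%w: original chain is %d bytes, limit is %d",
			ErrInvalidParam, len(d.OriginalChain), MaxOriginalChainSize)
	}
	return nil
}

func main() {
	// Constructed inputs: one at the limit, one a near-1 MB payload.
	atLimit := VerificationDetails{OriginalChain: "chain-a", OriginalData: make([]byte, MaxOriginalDataSize)}
	nearMaxTx := VerificationDetails{OriginalChain: "chain-a", OriginalData: make([]byte, 1048576-512)}
	fmt.Println("at limit:", ValidateSizes(atLimit))
	fmt.Println("near max_tx_bytes:", ValidateSizes(nearMaxTx))
}
```
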
Remediation
This issue has been acknowledged by Sigma Assets GmbH, and a fix was implemented in commit 5bdea439.