Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lack of range checks in chain operations processing #446

Closed
mkalinin opened this issue Jan 15, 2019 · 7 comments
Closed

Lack of range checks in chain operations processing #446

mkalinin opened this issue Jan 15, 2019 · 7 comments
Labels
general:enhancement New feature or request

Comments

@mkalinin
Copy link
Contributor

Problem

There is no range checks for shard and validator_index during processing of beacon chain operations. Operation data is an inbound network data and any possible violations in this data should be strictly verified before processing it.

IMO, it's better to check ranges explicitly rather than relay on client implementation or a standard behavior that takes place when out of bound index is met.
@JustinDrake
Copy link
Contributor

Can you be more specific where range checks should be done? Are you referring for example to state.validator_registry[proposer_slashing.proposer_index]? I guess out-of-bounds accesses are considered invalid, and we could make that explicit in the spec.

@mkalinin
Copy link
Contributor Author

Here is a list of potential out-of-bounds accesses that I have discovered:

Proposer slashings

  • Let proposer = state.validator_registry[proposer_slashing.proposer_index]

Casper slashings

  • Verify that verify_slashable_vote_data(state, slashable_vote_data_1).

In verify_slashable_vote_data there is a call aggregate_pubkey([state.validators[i].pubkey for i in vote_data.custody_bit_0_indices]) which uses validator indices from slashable_vote_data_1.

Attestations

  • Verify that either attestation.data.latest_crosslink_root or attestation.data.shard_block_root equals state.latest_crosslinks[shard].shard_block_root.

Looks like shard is a part of attestation_data.

Exits

  • Let validator = state.validator_registry[exit.validator_index].

I think, general strategy of avoiding any out-of-bounds accesses from inbound data would be to check all index-like numbers against their ranges.

@JustinDrake
Copy link
Contributor

JustinDrake commented Jan 15, 2019
edited
Loading

I believe all your examples are out-of-range list accesses:

  • proposer = state.validator_registry[proposer_slashing.proposer_index]
  • validator = state.validator_registry[exit.validator_index]
  • state.validators[i].pubkey for i in vote_data.custody_bit_0_indices
  • latest_crosslinks[shard]

Those are handled by Python which throws an IndexError: list index out of range error. Are you arguing we should, for example, check shard < len(latest_crosslinks) before doing latest_crosslinks[shard]?

@mkalinin
Copy link
Contributor Author

I think that main concern is that these accesses are not spec'd. I think that a note about potential IndexError: list index out of range would, also, work.

@hwwhww hwwhww added the general:enhancement New feature or request label Jan 16, 2019
@JustinDrake
Copy link
Contributor

these accesses are not spec'd

See "code appearing in this style is to be interpreted as an algorithm defined in Python".

@mkalinin
Copy link
Contributor Author

@JustinDrake would something like this work for you? mkalinin#1

@JustinDrake JustinDrake mentioned this issue Jan 17, 2019
Closed
@JustinDrake
Copy link
Contributor

Feel free to submit a pull request for this clarification and I'll merge it in 👍

@mkalinin mkalinin mentioned this issue Jan 18, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
general:enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@JustinDrake @mkalinin @hwwhww