Currently there is a vulnerability by which the operator burns and mints in the same transaction, which allows him to bypass the validator's checks that all tokens must go to the dParameter validator and smuggle tokens out of the contracts. This is due to the contract's dangerous use of `currencySymbolValueOf`.

I suggest you introduce the following checks to the `DParameterMP`:

1. Each output to the dParameter validator address:
   i. contains exactly 1 DParameterToken
   ii. contains an inline datum that correctly decodes into `DParameterValidatorDatum`

   ```haskell
   case (txOutDatum datum) of
     OutputDatum d ->
       let fields = (BI.snd . BI.unsafeDataAsConstr) d
           permissionedCandidatesCount = BI.head fields
           pccTail = BI.tail fields
           registeredCandidatesCount = BI.head pccTail
        in -- exactly two fields: nothing may follow the second one
           BI.null (BI.tail pccTail)
             && (BI.unsafeDataAsI permissionedCandidatesCount > 0)
             && (BI.unsafeDataAsI registeredCandidatesCount > 0)
     -- anything other than an inline datum is rejected
     _ -> False
   ```

2. The transaction either mints or burns tokens; it does not do both. The current use of `currencySymbolValueOf` allows for an exploit where the operator burns and mints DParameter tokens in the same transaction, thus tricking the script into believing that the number of tokens minted is less than it actually is. Instead of `currencySymbolValueOf` you should use a variant that only sums the quantities that are positive and another variant that only sums the quantities that are negative, and then you can check that the tx is only minting or only burning, i.e.:

   or just use variants `onlyPositiveValueOf` and `onlyNegativeValueOf` that error upon encountering non-positive / non-negative quantities and then use two redeemers (`MintAct` / `BurnAct`) to branch on minting and burning. The `PermissionedCandidatesMint` minting policy also suffers from this exploit.
partner-chains-smart-contracts/onchain/src/TrustlessSidechain/DParameter.hs
Line 33 in b18f693
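
The netting problem and the strict variants proposed in the issue, as an added plain-Haskell example that is not the project's on-chain code. The list-based `MintEntries` model, the `weakPolicy` / `strictPolicy` functions, their error strings and the sample transaction are assumptions made for illustration; only the names `currencySymbolValueOf`, `onlyPositiveValueOf`, `onlyNegativeValueOf`, `MintAct` and `BurnAct` come from the issue.

```haskell
module Main where

-- Simplified model (assumption): the transaction's mint field restricted to
-- one currency symbol, as (token name, signed quantity) pairs.
type MintEntries = [(String, Integer)]

-- Model of the netting sum the issue calls dangerous: positive and negative
-- quantities under the same currency symbol cancel each other out.
currencySymbolValueOf :: MintEntries -> Integer
currencySymbolValueOf = sum . map snd

-- Strict variants as described in the issue: fail on a wrong-signed quantity.
onlyPositiveValueOf :: MintEntries -> Either String Integer
onlyPositiveValueOf es
  | all ((> 0) . snd) es = Right (sum (map snd es))
  | otherwise = Left "non-positive quantity in a mint-only transaction"

onlyNegativeValueOf :: MintEntries -> Either String Integer
onlyNegativeValueOf es
  | all ((< 0) . snd) es = Right (sum (map snd es))
  | otherwise = Left "non-negative quantity in a burn-only transaction"

data Redeemer = MintAct | BurnAct

-- Weak check (hypothetical): the netted amount must equal the number of
-- tokens sent to the validator address.
weakPolicy :: MintEntries -> Integer -> Bool
weakPolicy mint lockedAtValidator = currencySymbolValueOf mint == lockedAtValidator

-- Hardened check (hypothetical): the redeemer selects mint-only or burn-only,
-- and any quantity of the wrong sign rejects the whole transaction.
strictPolicy :: Redeemer -> MintEntries -> Integer -> Bool
strictPolicy MintAct mint locked = onlyPositiveValueOf mint == Right locked
strictPolicy BurnAct mint _ = either (const False) (< 0) (onlyNegativeValueOf mint)

-- Constructed sample: one entry minted and one burned in the same transaction,
-- with a single token sent to the validator.
mixedTx :: MintEntries
mixedTx = [("tokenA", 2), ("tokenB", -1)]

main :: IO ()
main = do
  putStrLn ("weak policy, mixed tx:    " ++ show (weakPolicy mixedTx 1))
  putStrLn ("strict MintAct, mixed tx: " ++ show (strictPolicy MintAct mixedTx 1))
  putStrLn ("strict MintAct, mint 1:   " ++ show (strictPolicy MintAct [("tokenA", 1)] 1))
  putStrLn ("strict BurnAct, burn 1:   " ++ show (strictPolicy BurnAct [("tokenA", -1)] 0))
```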