logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

CVE-2023-35163 code.vegaprotocol.io/vega

Package

Manager: go
Name: code.vegaprotocol.io/vega
Vulnerable Version: >=0 <0.71.6

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:P/AC:H/AT:P/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L

EPSS: 0.00056 pctl0.1738

Details

Vega's validators able to submit duplicate transactions A vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For example, a deposit to the collateral bridge for 100USDT that credits a party’s general account on Vega, can be re-processed 50 times resulting in 5000USDT in that party’s general account. This is without depositing any more than the original 100USDT on the bridge. Despite this exploit requiring access to a validator's Vega key, a validator key can be obtained at the small cost of 3000VEGA, the amount needed to announce a new node onto the network. The steps to carry out this exploit are as follows: 1. Cause an Ethereum event on one of the bridge contracts e.g a deposit to the collateral bridge, or the staking bridge 2. This will result in the Ethereum-event-forwarder of each node to submit a ChainEvent transaction to the Vega network corresponding to that event 3. Scrape the valid chain event transaction from the Tendermint block data using a node’s Tendermint API 4. Change the value of the `txId` field of the ChainEvent to any valid, but different, value 5. Bundle the tweaked ChainEvent into a new transaction, sign it with a validator key and resubmit to the Vega network 6. The fraudulent ChainEvent will be processed by Vega as if it were a new ChainEvent even though it did not occur on Ethereum The key to this exploit is in step 4. The `txId` field of the ChainEvent is used when checking for ChainEvent resubmission, but NOT during the subsequent on-chain verification of the event. Therefore changing the `txId` of an existing ChainEvent is enough to by-pass the duplication check and for it to still be verified as a real event. ### Impact The impact of this exploit is dependent on the ChainEvent being manipulated. The below table describes each one: | Chain Event | Allows | Consequence | | ------------- | ------------- | ------------- | | Deposit | Generation of unlimited funds of any asset | Withdrawal of all assets | | Stake Deposit | Delegate unlimited Vega to a single node | A single node has controlling amount of voting power | | Stake Removed | Force a Validator node to drop below self-stake requirements | Prevents reward payouts | | Bridge Stop | The Vega network to think the bridge is stopped | Prevent anyone from withdrawing funds | | Signer Removed | The Vega network to think a validator nodes is not on the multisig contract | Prevent reward payouts | ### Patches v0.71.6 ### Workarounds No work around known, however there are mitigations in place should this vulnerability be exploited: - there are monitoring alerts, for `mainnet1`, in place to identify any issues of this nature including this vulnerability being exploited - the validators have the ability to stop the bridge thus stopping any withdrawals should this vulnerability be exploited ### References N/A

Metadata

Created: 2023-06-20T16:36:18Z
Modified: 2023-06-26T16:32:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-8rc9-vxjh-qjf2/GHSA-8rc9-vxjh-qjf2.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-8rc9-vxjh-qjf2
Finding: F184
Auto approve: 1