Upgraded Q -> 2 from #128 [1731055600750] #131
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
duplicate-69
satisfactory: satisfies C4 submission criteria; eligible for awards
Judge has assessed an item in Issue #128 as 2 risk. The relevant finding follows:
The Cairo code, while decoding several transaction types, checks the length of chainid, as can be seen in the following functions:
https://github.com/kkrt-labs/kakarot/blob/7411a5520e8a00be6f5243a50c160e66ad285563/src/utils/eth_transaction.cairo#L101-L157
https://github.com/kkrt-labs/kakarot/blob/7411a5520e8a00be6f5243a50c160e66ad285563/src/utils/eth_transaction.cairo#L164-L222
However, when decoding a legacy transaction, the chainid length check is missing, which creates an inconsistency in the codebase that can later lead to issues:
https://github.com/kkrt-labs/kakarot/blob/7411a5520e8a00be6f5243a50c160e66ad285563/src/utils/eth_transaction.cairo#L63-L78
```cairo
// pre eip-155 txs have 6 fields, post eip-155 txs have 9 fields
if (items_len == 6) {
    tempvar is_some = 0;
    tempvar chain_id = 0;
} else {
    assert items_len = 9;
    assert items[6].is_list = FALSE;
    assert items[7].is_list = FALSE;
    assert items[8].is_list = FALSE;
    let chain_id = Helpers.bytes_to_felt(items[6].data_len, items[6].data);
}
let is_some = [ap - 2];
let chain_id = [ap - 1];
```
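An added example, not part of the original finding and not Kakarot code: a Python model of one chain_id length bound shared by the legacy and typed decoding paths, working on already RLP-decoded items. The 31-byte limit, the function names and the byte-folding helper are assumptions made for illustration; the sample fields are constructed.

```python
# Added illustration, not Kakarot code: one chain_id length bound shared by
# every decoding path, modelled on already RLP-decoded byte-string items.

FELT_PRIME = 2**251 + 17 * 2**192 + 1  # Cairo field prime
MAX_CHAIN_ID_BYTES = 31  # assumed bound: 248 bits always fit below FELT_PRIME


def bytes_to_felt_unchecked(data: bytes) -> int:
    """Fold big-endian bytes in field arithmetic (assumed model of a felt helper)."""
    acc = 0
    for byte in data:
        acc = (acc * 256 + byte) % FELT_PRIME
    return acc


def chain_id_checked(data: bytes) -> int:
    """Reject encodings too long to be represented uniquely as a felt."""
    if len(data) > MAX_CHAIN_ID_BYTES:
        raise ValueError(f"chain_id is {len(data)} bytes, limit {MAX_CHAIN_ID_BYTES}")
    return bytes_to_felt_unchecked(data)


def legacy_chain_id(items):
    """None for pre-EIP-155 (6 fields), bounded chain_id for EIP-155 (9 fields)."""
    if len(items) == 6:
        return None
    if len(items) != 9:
        raise ValueError("legacy transaction must have 6 or 9 fields")
    return chain_id_checked(items[6])


def typed_chain_id(items):
    """Typed transactions carry chain_id first; same bound, same helper."""
    return chain_id_checked(items[0])


# Constructed sample fields: six placeholders, then chain_id, 0, 0.
PRE_155 = [b"\x01", b"\x02", b"\x03", b"\x04", b"\x05", b""]
POST_155 = PRE_155 + [(1337).to_bytes(2, "big"), b"", b""]
OVERSIZED = PRE_155 + [b"\xff" * 32, b"", b""]

if __name__ == "__main__":
    print(legacy_chain_id(PRE_155), legacy_chain_id(POST_155))
    # Without the bound, the 32-byte value no longer round-trips.
    print(bytes_to_felt_unchecked(OVERSIZED[6]) == int.from_bytes(OVERSIZED[6], "big"))
    try:
        legacy_chain_id(OVERSIZED)
    except ValueError as err:
        print("rejected:", err)
```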