Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug: bypass restrictions through p2p message, even cause panic #1586

Closed
3 tasks done
Tracked by #1596
yangby-cryptape opened this issue Nov 22, 2023 · 1 comment · Fixed by #1591 or #1634
Closed
3 tasks done
Tracked by #1596

bug: bypass restrictions through p2p message, even cause panic #1586

yangby-cryptape opened this issue Nov 22, 2023 · 1 comment · Fixed by #1591 or #1634
Assignees
@KaoImin
Labels
t:bug Something isn't working

Comments

@yangby-cryptape
Copy link
Collaborator

yangby-cryptape commented Nov 22, 2023
edited by Flouse
Loading

Description

Submit transactions from different components leads different results.

Even some p2p messages could let all nodes panic.

p.s. All server limits in config.toml are ignored, since they are not consensus parameters.

Examples

  • A transaction whose gas limit is less than MIN_TRANSACTION_GAS_LIMIT.

    JSON-RPC Post: Failed with "Gas limit is less than 21000".
    P2P Broadcast: Succeed.

  • A transaction whose gas limit is greater than u64::MAX.

    JSON-RPC Post: Failed with "Gas limit is too large".
    P2P Broadcast: Panic.

  • Two transactions whose used gas is greater than a half of u64::MAX.

    JSON-RPC Post: Failed with "Gas limit is too large".
    P2P Broadcast: Panic.

I just list some of the unexpected cases, I think these are not all of them.

Please check the code again, carefully and imaginatively.

References
@yangby-cryptape yangby-cryptape changed the title Bypass restrictions through p2p message Bypass restrictions through p2p message, even cause panic. Nov 22, 2023
@Flouse Flouse added the t:bug Something isn't working label Nov 22, 2023
@yangby-cryptape
Copy link
Collaborator Author

yangby-cryptape commented Nov 23, 2023
edited
Loading

References

  • Axon Drug Injector, a tool which can connect to an Axon network through P2P protocols, and inject malicious messages.

    This example can be used to panic all nodes in an Axon network through P2P protocols.

@KaoImin KaoImin self-assigned this Nov 23, 2023
@Flouse Flouse changed the title Bypass restrictions through p2p message, even cause panic. bug: bypass restrictions through p2p message, even cause panic Nov 23, 2023
@Flouse Flouse mentioned this issue Nov 27, 2023
Closed
6 tasks
@KaoImin KaoImin mentioned this issue Dec 1, 2023
Merged
7 tasks
@Flouse Flouse reopened this Dec 11, 2023
@Flouse Flouse linked a pull request Dec 13, 2023 that will close this issue
fix(mempool)!: check gas limit range #1634
Merged
3 tasks
@KaoImin KaoImin mentioned this issue Dec 13, 2023
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@KaoImin KaoImin

Labels
t:bug Something isn't working
Projects
None yet
Milestone
No milestone
3 participants
@Flouse @KaoImin @yangby-cryptape