Trail of Bits

Aleo snarkVM, snarkOS, BullsharkBFT

Type: Security review

Client: Aleo Systems

Date: 2023-10

Domain: Crypto

Effort: 18 wks

Section: Cryptography Reviews

Trail of Bits's security review of Aleo Systems (Oct 2023) identified 31 issues: 1 medium, 4 low, 23 informational, and 3 undetermined.

Findings · 31

  1. Denial-of-service vectors in FromBytes implementations (Low)
  2. Faulty validation enables more than the intended number of inputs on finalize commands (Informational)
  3. Parsing differences between the aleo.abnf grammar and the implementation (Informational)
  4. Function, closure, and finalize deserialization routines allow large memory allocations (Informational)
  5. Unvalidated destination type for commit instructions (Informational)
  6. Unnecessary overflow checks (Informational)
  7. Missing upper bound validation with MAX_STRUCT_ENTRIES (Informational)
  8. Discrepancy between the matches_record function implementation and its documentation (Informational)
  9. The /testnet3/node/env API endpoint provides binary path and repository information (Informational)
  10. Maximum peer message limit is off by one (Informational)
  11. The peers request/response flow allows for local IP with non-node port (Low)
  12. The refresh_and_insert function may not return previously seen timestamp (Low)
  13. Structure serialization does not declare the correct number of fields (Informational)
  14. Potential overflow in the total finalize cost (Informational)
  15. The is_sequential function allows u64::MAX to 0 transitions (Informational)
  16. Requests for more peers may not use newly connected peers (Informational)
  17. Committee::new allows genesis committees with more than four members to be created (Informational)
  18. GitHub CI actions versions are not pinned (Medium)
  19. The committee sorting tests do not consider whether the validator is open to staking (Informational)
  20. Impossible match case in authority verification routine (Undetermined)
  21. The BFT::is_linked function does not properly determine whether two certificates are linked (Undetermined)
  22. Peer is not removed from connecting_peers when handshake times out (Undetermined)
  23. Rest API allows any origin (Low)
  24. Garbage collection does not collect the next_gc_round (Informational)
  25. Fee verification is off by one (Informational)
  26. Potential block reward truncation and overflow (Informational)
  27. Saturated additions and subtractions can cause inconsistencies (Informational)
  28. IndexSet::remove does not preserve the order of the IndexSet (Informational)
  29. The batch certificate ID calculation does not include the number of signatures in the preimage (Informational)
  30. Missing validations in block metadata and header validation functions (Informational)
  31. The order of the saturating_add and checked_sub operations is not documented (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.
