Trail of Bits

Prysm

Type: Security review

Client: A private client

Date: 2023-04

Domain: Blockchain

Effort: 8 wks

Section: Ethereum/EVM

Trail of Bits's security review of Prysm for a private client (April 2023) identified 15 issues: 2 medium, 4 low, 4 informational, and 5 undetermined.

Findings · 15

  1. Unhandled errors (Informational)
  2. os.Create() used without checking for an existing file (Informational)
  3. Passing sensitive configuration values through the command line may leak to other processes on the system (Low)
  4. Configuration files containing potentially sensitive values are not checked for permissions (Low)
  5. Panics in the beacon-chain and validator RPC APIs are recovered but may lead to crashes due to memory exhaustion (Low)
  6. Goroutine leaks can lead to Denial of Service (Undetermined)
  7. Potential deadlock if the Feed.Send panic is recovered and the function is retried (Undetermined)
  8. Block Proposer DDoS (Medium)
  9. The db backup endpoint may be triggered via SSRF or when visiting an attacker website, which may cause a DoS (Medium)
  10. Maximum gRPC message size of MaxInt32 (2GB) set in beacon-chain/server may lead to DoS (Informational)
  11. EpochParticipation.UnmarshalJSON may parse invalid data (Undetermined)
  12. Uint256.UnmarshalJSON may parse invalid data (Undetermined)
  13. Failed assertions in the FuzzExecutionPayload fuzzing harness (Undetermined)
  14. The JWT authentication docs suggest generating the secret using third-party websites (Low)
  15. Potentially insufficient gossip topic validation (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.
