fix: validate receipt/log membership against block txs#160
Open
Conversation
Two High severity audit findings fixed: 1. Unverified eth_getBlockReceipts data — a malicious/buggy RPC could inject orphan receipts/logs with transaction hashes not present in the block. Now validate_receipts() checks every receipt's tx_hash exists in the block's transaction list. 2. Partial eth_getBlockReceipts response — if RPC returns fewer receipts than transactions, sync would succeed with permanent gaps. Now validate_receipts() verifies receipt count matches tx count per block. Validation applied at all three sync entry points: - SyncEngine::fetch_range (realtime sync) - SyncEngine::sync_block (single block sync) - sync_range_standalone (gap-fill workers) Added 6 unit tests covering: happy path, empty blocks, orphan receipt detection, count mismatch (fewer/more), and batch length mismatch. Amp-Thread-ID: https://ampcode.com/threads/T-019d458d-01b9-76ca-9fb1-b960cd163292 Co-authored-by: Amp <amp@ampcode.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Audit Findings Fixed
Two High severity findings:
1. Unverified eth_getBlockReceipts Data Allows Malicious RPC to Inject Orphan Logs/Receipts
A malicious or buggy RPC could return receipts with
transaction_hashvalues not present in the block's transaction list. These orphan receipts/logs would be written to the database unchecked.Fix: After fetching both blocks and receipts,
validate_receipts()verifies that every receipt'stransaction_hashexists in the corresponding block's transaction list.2. Partial eth_getBlockReceipts Response Bypasses Receipt Backfill
If the RPC returns fewer receipts than transactions in a block, sync would succeed but leave permanent gaps in receipt/log data (gas_used, fee_payer remain NULL).
Fix:
validate_receipts()verifies that the receipt count matches the transaction count for each block, erroring on mismatch.Changes
validate_receipts()function insrc/sync/decoder.rsthat checks both invariantsSyncEngine::fetch_range(realtime sync)SyncEngine::sync_block(single block sync)sync_range_standalone(gap-fill workers)Testing