Skip to content

Fix vulnerabilities and some minor issues #121

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 8 commits into
base: master
Choose a base branch
from
Open

Fix vulnerabilities and some minor issues #121

wants to merge 8 commits into from

Conversation

LeoHLee
Copy link

@LeoHLee LeoHLee commented May 28, 2025
edited
Loading

Vulnerabilities:

  • The leader may collect SignedCollect from ancient regencies in SYNC message, replacing the real SignedCollect messages in STOPDATAs. Once there is one conditional collect ending with unbound condition, the leader can use those SignedCollect messages to create an unbound condition at any future epoch.
  • The leader may collect SignedCollect from nodes not in current view.
  • verifyDecision does not check whether ACCEPT messages are for the same consensus and epoch. Byzantine node can gather ACCEPT messages in different consensus to trick honest node into wrongly executing a request.

Minor issues:

  • Typos
  • Indent
  • Inconsistent Javadocs
  • Useless parameter of insertProof in Acceptor
  • In BFT mode, catchup is entered many times with the condition of CFT

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@LeoHLee