The CVE-31070 vulnerability operates within the justification verification caching mechanism of the go-f3 consensus library. The flaw stems from caching the result of a justification verification check without binding that result to the specific message context for which it was initially validated. An attacker can exploit this by first sending a valid consensus message containing a correct justification. This positive verification result is then stored in the cache. Subsequently, the attacker can submit a different, invalid message in a new context but reuse the same justification. The caching system, upon finding a matching justification hash in its cache, returns the previously stored “valid” result without re-validating the justification against the new, incorrect message context. This allows the invalid message to be accepted, effectively bypassing critical consensus safeguards.
Platform: Filecoin (go-f3)
Version: < 0.8.9
Vulnerability: Consensus Bypass
Severity: Critical
Date: 2024
Prediction: Patched (nv27)
What Undercode Say:
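# Locate the justification verification call sites in a source checkout
grep -r "VerifyJustification" ./consensus/
# Reads the kernel page-cache control value; it does not touch the go-f3 verification cache
cat /proc/sys/vm/drop_caches
# Look for the f3 component in the node's version output
lotus version | grep "f3"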
// Pseudo-code illustrating the flawed cache logic
if cache.Has(justificationHash) {
    return cache.Get(justificationHash) // Returns valid without context check
}
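The same flaw as a runnable model, added here as an example and not taken from go-f3 or its patch: `Msg`, `verify`, `Cache`, `CheckUnbound` and `CheckBound` are hypothetical names, and the `just-for:` rule is a constructed stand-in for real justification verification. It puts the context-free cache key beside a key that binds the stored verdict to the message context.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Msg is a hypothetical, simplified consensus message. Context stands in for
// the message fields a justification has to match.
type Msg struct{ Context, Justification string }

// verify stands in for the expensive check. Constructed rule: a justification
// is valid only for the context it names.
func verify(m Msg) bool { return m.Justification == "just-for:"+m.Context }

// Cache maps a key hash to a stored verification verdict.
type Cache map[[32]byte]bool

func (c Cache) check(key [32]byte, m Msg) bool {
	if ok, hit := c[key]; hit {
		return ok // cache hit: verify is not run again
	}
	ok := verify(m)
	c[key] = ok
	return ok
}

// CheckUnbound models the flaw: the key covers only the justification, so a
// stored "valid" verdict is returned for any message that carries it.
func (c Cache) CheckUnbound(m Msg) bool {
	return c.check(sha256.Sum256([]byte(m.Justification)), m)
}

// CheckBound keys on context and justification together. The length prefix
// keeps distinct (context, justification) pairs from encoding identically.
func (c Cache) CheckBound(m Msg) bool {
	in := fmt.Sprintf("%d:%s%s", len(m.Context), m.Context, m.Justification)
	return c.check(sha256.Sum256([]byte(in)), m)
}

func main() {
	good := Msg{"instance=7", "just-for:instance=7"} // constructed sample
	bad := Msg{"instance=8", good.Justification}     // same justification, other context
	u, b := Cache{}, Cache{}
	fmt.Println(u.CheckUnbound(good), u.CheckUnbound(bad)) // true true
	fmt.Println(b.CheckBound(good), b.CheckBound(bad))     // true false
}
```

A regression test for the fix can follow the same pattern: warm the cache with a valid message, then assert that the same justification in a different context is rejected.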
How Exploit:
1. Send valid message.
2. Poison verification cache.
3. Reuse justification for invalid message.
4. Bypass consensus integrity.
Protection from this CVE
Upgrade to go-f3 0.8.9.
Apply nv27 network upgrade.
No available workarounds.
Impact:
Consensus integrity loss.
Potential network liveness issues.
Invalid justification acceptance.
Sources:
Reported By: github.com

