Buffer Overflow Affecting @chainsafe/lodestar package, versions <0.36.0


Severity

high (CVSS assessment made by Snyk's Security Team)

Threat Intelligence

EPSS: 0.07% (33rd percentile)

  • Snyk ID: SNYK-JS-CHAINSAFELODESTAR-2847914
  • Published: 25 May 2022
  • Disclosed: 24 May 2022
  • Credit: Unknown

Introduced: 24 May 2022

CVE-2022-29219
CWE-190

How to fix?

Upgrade @chainsafe/lodestar to version 0.36.0 or higher.

Overview

@chainsafe/lodestar is a TypeScript implementation of the beacon chain.

Affected versions of this package are vulnerable to Buffer Overflow. A maliciously crafted AttesterSlashing or ProposerSlashing that is included on-chain can cause a consensus split.

The library represents uint64 values as native JavaScript numbers, which cannot exactly represent integers larger than 2^53. When Slot or Epoch fields with such large uint64 values are included on chain, Lodestar may view a _valid_ AttesterSlashing or ProposerSlashing as _invalid_, because the large values are rounded before they are compared. This causes a consensus split, where Lodestar nodes are forked away from the main network.

Similarly, Lodestar may consider an _invalid_ ProposerSlashing as _valid_ and include it in proposed blocks, which the rest of the network will then reject as invalid.

Workarounds

Use BigInt to represent Slot and Epoch values in AttesterSlashing and ProposerSlashing objects. BigInt is too slow to be used in all Slot and Epoch cases, so use BigInt only when necessary for consensus.
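The following is an added example, not Lodestar's own code: it models the beacon-chain spec's slashing predicates over AttesterSlashing and ProposerSlashing data (signature and proposer-slashability checks omitted) and evaluates them with Slot/Epoch values held as BigInt versus as native number, reproducing the two failure modes the advisory describes. The field names and the epoch values near 2^64 are constructed for the demonstration; any distinct uint64 values that fall within one double-precision ulp of each other behave the same way.

```typescript
// Added example (not Lodestar's code). Slot/Epoch are uint64 in the spec; the
// lossy path below simulates decoding them into native JavaScript numbers.
type Uint64 = number | bigint;

interface AttestationDataLike { sourceEpoch: Uint64; targetEpoch: Uint64; beaconBlockRoot: string }
interface HeaderLike { slot: Uint64; proposerIndex: Uint64; bodyRoot: string }

// Spec predicate is_slashable_attestation_data: a double vote or a surround vote.
function isSlashableAttestationData(a: AttestationDataLike, b: AttestationDataLike): boolean {
  const differs =
    a.sourceEpoch !== b.sourceEpoch || a.targetEpoch !== b.targetEpoch || a.beaconBlockRoot !== b.beaconBlockRoot;
  const doubleVote = differs && a.targetEpoch === b.targetEpoch;
  const surroundVote = a.sourceEpoch < b.sourceEpoch && b.targetEpoch < a.targetEpoch;
  return doubleVote || surroundVote;
}

// Slot / proposer-index part of is_valid_proposer_slashing (signature checks left out).
function headersAreSlashable(h1: HeaderLike, h2: HeaderLike): boolean {
  return h1.slot === h2.slot && h1.proposerIndex === h2.proposerIndex && h1.bodyRoot !== h2.bodyRoot;
}

// Simulates the vulnerable representation: a uint64 decoded into a native number.
const lossy = (v: bigint): number => Number(v);

// Constructed values: four distinct uint64s just below 2^64 that all round to the same double.
const MAX = BigInt("18446744073709551615");
const [e0, e1, e2, e3] = [MAX - BigInt(3), MAX - BigInt(2), MAX - BigInt(1), MAX];

// A genuine surround vote (e0 < e1 and e2 < e3): exact arithmetic accepts it, the lossy view rejects it.
function attesterVerdicts(): { exact: boolean; lossy: boolean } {
  const a = { sourceEpoch: e0, targetEpoch: e3, beaconBlockRoot: "0xaa" };
  const b = { sourceEpoch: e1, targetEpoch: e2, beaconBlockRoot: "0xaa" };
  const toLossy = (d: typeof a) => ({ ...d, sourceEpoch: lossy(d.sourceEpoch), targetEpoch: lossy(d.targetEpoch) });
  return { exact: isSlashableAttestationData(a, b), lossy: isSlashableAttestationData(toLossy(a), toLossy(b)) };
}

// Two headers for different slots (not a valid ProposerSlashing): the lossy view wrongly accepts them.
function proposerVerdicts(): { exact: boolean; lossy: boolean } {
  const h1 = { slot: e2, proposerIndex: BigInt(7), bodyRoot: "0x01" };
  const h2 = { slot: e3, proposerIndex: BigInt(7), bodyRoot: "0x02" };
  const toLossy = (h: typeof h1) => ({ ...h, slot: lossy(h.slot), proposerIndex: lossy(h.proposerIndex) });
  return { exact: headersAreSlashable(h1, h2), lossy: headersAreSlashable(toLossy(h1), toLossy(h2)) };
}
```

A node that evaluates these predicates on the lossy side disagrees with one that uses exact uint64 arithmetic, which is precisely the fork condition described above.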
