Vyper Vested Claims

First Flight #34
Beginner FriendlyDeFi
100 EXP
View results
Submission Details
Severity: medium
Invalid

lack of validation of the proof length in `_verify_proof` function

Summary

lack of validation of the proof length in _verify_proof function

Vulnerability Details

The _verify_proof function does not validate the length of the proof array. If the proof array is empty, the function will still compute a hash and compare it to the merkle_root.

This can lead to false positives where an empty proof is accepted as valid for certain leaves.

def _verify_proof(proof: DynArray[bytes32, 20], leaf: bytes32) -> bool:
"""
@notice This function is used to verify the merkle proof
@param proof: DynArray[bytes32, 20], the merkle proof
@param leaf: bytes32, the leaf node
@return bool: True if the proof is valid
"""
computed_hash: bytes32 = leaf
for proof_element: bytes32 in proof:
computed_hash = self._hash_pair(computed_hash, proof_element)
return computed_hash == self.merkle_root

Impact

An attacker could submit an empty proof and potentially claim tokens they are not entitled to, depending on the structure of the Merkle tree.

Tools Used

Manual analysis

Recommendations

Add a check to reject empty proofs

Updates

Appeal created

bube Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.