Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Kakarot precompiles can be called in a staticcall context, allowing writes in view functions #63

Open
c4-bot-9 opened this issue Oct 25, 2024 · 2 comments
Labels
bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue edited-by-warden grade-a primary issue Highest quality submission among a set of duplicates QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax 🤖_34_group AI based duplicate group recommendation sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue sufficient quality report This report is of sufficient quality

Comments

@c4-bot-9
Copy link
Contributor

c4-bot-9 commented Oct 25, 2024

Lines of code

https://github.com/kkrt-labs/kakarot/blob/7411a5520e8a00be6f5243a50c160e66ad285563/src/kakarot/precompiles/precompiles.cairo#L140

Vulnerability details

Kakarot precompiles (cairo_precompile and cairo_message) allow calling external Starknet functionality from an EVM context.

Among the checks that Kakarot makes to secure these Starknet calls, there is no check for the context not to be read_only:

File: precompiles.cairo
134:         kakarot_precompile:
135:         let is_whitelisted = KakarotPrecompiles.is_caller_whitelisted(caller_code_address);
136:         tempvar is_not_authorized = 1 - is_whitelisted;
137:         tempvar syscall_ptr = syscall_ptr;
138:         tempvar pedersen_ptr = pedersen_ptr;
139:         tempvar range_check_ptr = range_check_ptr;
140:         jmp unauthorized_call if is_not_authorized != 0;

A check on read_only would make sense because when the execution context leaves Kakarot and continues in Starknet contracts, the read_only information is not propagated to the Cairo execution which can make state-changing operations like ERC-20 token transfers.

With the contracts currently planned to be whitelisted, DualVmToken and L2KakarotMessaging, only the latter can be used for this purpose because the events emitted by DualVmToken revert in a static context. It is therefore possible to send messages to L1 from view functions and calls with a staticcall parent. For this reason, we recommended a Medium severity.

Proof of Concept

  • Have a contract with a view function, which staticcalls a contract whitelisted for Kakarot precompiles which can be L2KakarotMessaging
  • Have another contract call this view function (solc would make a staticcall here too)
  • Cairo contracts can be called, and their state can be changed; no EVM revert is triggered

Recommended Mitigation Steps

Within the current scope, only DualVmToken and L2KakarotMessaging are to be whitelisted for cairo calls.

DualVmToken is safe from this because all its "write" operations (approve, transfer, transferFrom) have emit statements that will trigger a revert in a read-only context.

Similarly, it is recommended that L2KakarotMessaging is updated with the emission of an event in its sendMessageToL1 function.

In general, all other contracts to be whitelisted for cairo calls should adopt this or similar precautions.

Assessed type

Other

@c4-bot-9 c4-bot-9 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Oct 25, 2024
c4-bot-9 added a commit that referenced this issue Oct 25, 2024
@c4-bot-11 c4-bot-11 added the 🤖_34_group AI based duplicate group recommendation label Oct 25, 2024
@howlbot-integration howlbot-integration bot added primary issue Highest quality submission among a set of duplicates sufficient quality report This report is of sufficient quality labels Oct 27, 2024
@ClementWalter
Copy link

Severity: Informative

Comment: The idea of this finding is that contracts using the cairo precompile should enforce their view declaration (which can be bypassed by a low level call) by emitting events, so that it's actually not possible to make "starknet write" operations in staticcall. This makes sense and could be added to the doc, but is not a vulnerability.

@ClementWalter ClementWalter added the sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue label Nov 4, 2024
@c4-judge c4-judge added downgraded by judge Judge downgraded the risk level of this issue QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax and removed 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value labels Nov 8, 2024
@c4-judge
Copy link
Contributor

c4-judge commented Nov 8, 2024

dmvt changed the severity to QA (Quality Assurance)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue edited-by-warden grade-a primary issue Highest quality submission among a set of duplicates QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax 🤖_34_group AI based duplicate group recommendation sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue sufficient quality report This report is of sufficient quality
Projects
None yet
Development

No branches or pull requests

6 participants