CVE-2022-29219: Integer Overflow or Wraparound
(updated )
Lodestar is a TypeScript implementation of the Ethereum Consensus specification. Prior to version 0.36.0, there is a possible consensus split given maliciously-crafted AttesterSlashing
or ProposerSlashing
being included on-chain. Because the developers represent uint64
values as native javascript number
s, there is an issue when those variables with large (greater than 2^53) uint64
values are included on chain. In those cases, Lodestar may view valid_AttesterSlashing
or ProposerSlashing
as invalid, due to rounding errors in large number
values. This causes a consensus split, where Lodestar nodes are forked away from the main network. Similarly, Lodestar may consider invalid ProposerSlashing
as valid, thus including in proposed blocks that will be considered invalid by the network. Version 0.36.0 contains a fix for this issue. As a workaround, use BigInt
to represent Slot
and Epoch
values in AttesterSlashing
and ProposerSlashing
objects. BigInt
is too slow to be used in all Slot
and Epoch
cases, so one may carefully use BigInt
just where necessary for consensus.
References
Detect and mitigate CVE-2022-29219 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →