fix(protocol): fix an issue for ProverSet.proposeBlock
#17521
Conversation
fix(protocol): fix an issue for
|
| Severity Level | Results | |
|---|---|---|
| Contracts | Critical High Medium Low Note Total |
2 2 0 8 42 54 |
| Dependencies | Critical High Medium Low Note Total |
0 0 0 0 0 0 |
For more details view the full report in OpenZeppelin Code Inspector
| @@ -83,7 +83,7 @@ contract ProverSet is EssentialContract, IERC1271 { | |||
| bytes calldata _txList | |||
| ) | |||
| external | |||
| onlyProver | |||
There was a problem hiding this comment.
Don't we need this check because of this:
taiko-mono/packages/protocol/contracts/L1/libs/LibProposing.sol
Lines 184 to 186 in d3037ad
So now anybody could propose a block through this contract, set no hooks and the assignedProver to the pool contract, and use the TAIKO in this contract as a bond for the proving no? And then the provers in this contract are forced to prove the block, which seems unwanted?
There was a problem hiding this comment.
They still need an enabled prover to sign their blob at first?
There was a problem hiding this comment.
You mean this check:
? This check is only done when no blob is used, so then still a problem when a blob is used I think.hmmm also does ECDSA.recover even support contracts? Looking at https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/cryptography/ECDSA.sol it doesn't seem to call isValidSignature anywhere for contract addresses.
There was a problem hiding this comment.
I think you are right, we may also need to whitelist the proposer addresses in proverSet @dantaik
No description provided.