Developers Forum for XinFin XDC Network

Gary

Report on fixing CVEs

Our team surveyed go-ethereum (geth) security vulnerabilities on the CVE Details website (https://www.cvedetails.com/vulnerability-list/vendor_id-17524/product_id-51210/Ethereum-Go-Ethereum.html) and spotted several that could affect XDC. Here is a list of the vulnerabilities.

1. CVE-2022-29177

This vulnerability is about using an index d of type uint to access an array discReasonToString, and the index bound check is done by converting d to int(d) and checking whether len(discReasonToString) < int(d). This check misses the situation where int(d) could be negative. We fix the check to len(discReasonToString) <= int(d) || int(d) < 0.
In the XDC codebase, our team found that we cannot use the geth fix (ethereum#24507), since modifying DiscReason to uint8 messes up the message encoding.
Status: Merged into branch dev-upgrade.
Links:
https://www.cvedetails.com/cve/CVE-2022-29177/
https://github.com/XinFinOrg/XDPoSChain/pull/242

2. CVE-2021-39137

This vulnerability is caused by pointer misuse in the Go language. It is fixed by using CopyBytes to copy the bytes rather than reusing the same pointer.
Status: Merged into branch master.
Links:
https://www.cvedetails.com/cve/CVE-2021-39137/
https://github.com/XinFinOrg/XDPoSChain/commit/b5abbfed79084fdd188837d645d13db229b2d5d0

3. CVE-2020-26241

This vulnerability is about an incorrect implementation of the data copy native contract. It is fixed by using CopyBytes to copy the bytes.
Status: PR created.
Links:
https://www.cvedetails.com/cve/CVE-2020-26241/
https://github.com/XinFinOrg/XDPoSChain/pull/255

4. CVE-2018-16733

This vulnerability is about the attacker using incorrect starting and ending block numbers to trace blocks. If the starting block number is larger than the ending one, the program would be stuck in an infinite loop. We fix it by checking the starting and ending block numbers.
Status: PR created.
Links:
https://www.cvedetails.com/cve/CVE-2018-16733/
https://github.com/XinFinOrg/XDPoSChain/pull/251/files

5. CVE-2018-12018

This vulnerability is about the attacker using a negative skip number to cause an infinite loop. We fix it by checking the skip number.
Links:
https://www.cvedetails.com/cve/CVE-2018-12018/
https://github.com/XinFinOrg/XDPoSChain/pull/250

Unrelated CVEs

These CVEs are unrelated since the affected code does not exist in XDC:
https://www.cvedetails.com/cve/CVE-2018-19184/
https://www.cvedetails.com/cve/CVE-2020-26264/
https://www.cvedetails.com/cve/CVE-2021-41173/
These CVEs are unrelated since they are about ethash consensus and XDC uses XDPoS consensus:
https://www.cvedetails.com/cve/CVE-2022-37450/
https://www.cvedetails.com/cve/CVE-2021-42219/
https://www.cvedetails.com/cve/CVE-2020-26240/
This CVE is solved by using the latest Go version:
https://www.cvedetails.com/cve/CVE-2020-26242/
This CVE is solved automatically since we have a gas limit for blocks:
https://www.cvedetails.com/cve/CVE-2018-20421/
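The checks described in items 1 to 5 above, reduced to a self-contained Go program. This is an added illustration, not code from the XDC or geth repositories: the disconnect-reason table, `DiscReason` type, `copyBytes` helper, `traceRange` and `nextHeaderNumbers` functions are constructed for this example and only model the shape of the fixes the post describes (the index check with the `int(d) < 0` guard, copying bytes instead of aliasing the caller's buffer, and rejecting an inverted block range or a negative skip before looping).

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed sample table; its shape mirrors the disconnect-reason table from item 1.
var discReasonToString = [...]string{
	0: "disconnect requested",
	1: "network error",
	2: "breach of protocol",
}

// DiscReason is the uint-typed reason code as it arrives from the wire (assumed type).
type DiscReason uint

// reasonStringBefore reproduces the flawed check from item 1: only `len < int(d)` is
// tested, so d == len(table) indexes one past the end, and a huge d whose int
// conversion is negative also slips through. The panic is recovered into an error
// so the defect can be observed without crashing the demo.
func reasonStringBefore(d DiscReason) (s string, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("panic: %v", r)
		}
	}()
	if len(discReasonToString) < int(d) {
		return fmt.Sprintf("unknown disconnect reason %d", d), nil
	}
	return discReasonToString[d], nil
}

// reasonStringAfter applies the check described in the post: reject d >= len(table)
// and reject a negative int(d) instead of indexing with it.
func reasonStringAfter(d DiscReason) string {
	if len(discReasonToString) <= int(d) || int(d) < 0 {
		return fmt.Sprintf("unknown disconnect reason %d", d)
	}
	return discReasonToString[d]
}

// copyBytes is the kind of helper items 2 and 3 rely on: return a fresh slice so the
// caller never shares backing memory with the source buffer.
func copyBytes(b []byte) []byte {
	if b == nil {
		return nil
	}
	c := make([]byte, len(b))
	copy(c, b)
	return c
}

// dataCopyShared shows the defect: the returned slice aliases the input.
func dataCopyShared(in []byte) []byte { return in }

// aliasDemo reports whether a later write to the input is visible through the
// shared result and through the copied result.
func aliasDemo() (sharedChanged, copiedChanged bool) {
	in := []byte{1, 2, 3}
	shared := dataCopyShared(in)
	copied := copyBytes(in)
	in[0] = 0xff
	return shared[0] == 0xff, copied[0] == 0xff
}

var errBadRange = errors.New("start block must not exceed end block")
var errBadSkip = errors.New("skip must be non-negative")

// traceRange validates the block range before any iteration (item 4) and returns
// how many blocks a trace over [start, end] would cover.
func traceRange(start, end uint64) (uint64, error) {
	if start > end {
		return 0, errBadRange
	}
	return end - start + 1, nil
}

// nextHeaderNumbers models a header query (constructed for this example): per item 5,
// a negative skip is rejected before it is used to step through block numbers, and
// the loop stops rather than wrapping if the step would overflow uint64.
func nextHeaderNumbers(origin uint64, skip int64, amount int) ([]uint64, error) {
	if skip < 0 {
		return nil, errBadSkip
	}
	step := uint64(skip) + 1
	out := make([]uint64, 0, amount)
	n := origin
	for i := 0; i < amount; i++ {
		out = append(out, n)
		if n > ^uint64(0)-step {
			break
		}
		n += step
	}
	return out, nil
}

func main() {
	_, err := reasonStringBefore(3)
	fmt.Println("before fix, d=3:", err)
	fmt.Println("after fix, d=3:", reasonStringAfter(3))
	fmt.Println("after fix, d=max uint:", reasonStringAfter(DiscReason(^uint(0))))
	s, c := aliasDemo()
	fmt.Println("shared result changed:", s, "copied result changed:", c)
	fmt.Println(traceRange(5, 3))
	fmt.Println(nextHeaderNumbers(0, -1, 3))
}
```

Running it shows the flawed `String` method panicking for `d == 3` while the fixed one returns an "unknown" string for both `3` and the maximum uint, the aliased data-copy result changing after the caller mutates its input while the copied one does not, and the range and skip validators returning errors instead of entering the loop.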

Discussion (1)

Atul Khekade

This looks good!