Coinbase

Coinbase: Proof Contracts Update

Cantina Security Report

Organization

@coinbase

Engagement Type

Cantina Reviews

Period

-

Repositories

GitHubbase/contracts

Researchers

zigtur

0xhuy0512

Findings

Medium Risk

1 findings

1 fixed

0 acknowledged

Medium Risk1 finding

  1. Untrusted certificates can not be revoked

    State

    Fixed

    PR #329

    Severity

    Severity: Medium

    Submitted by

    zigtur

    Description

    The new revocation mechanism allows the owner/revoker to revoke a certificate through the revokeCert() function.

    However, the current logic requires this certificate to be trusted before being revokable.

    function revokeCert(bytes32 certHash) external onlyOwnerOrRevoker {        if (trustedIntermediateCerts[certHash] == 0) { // @audit requires certificate to be trusted            revert CertificateNotFound(certHash);        }        delete trustedIntermediateCerts[certHash];        revokedCerts[certHash] = true;        emit CertRevoked(certHash);    }

    In the scenario where a certificate private key has been compromised but this certificate is not yet recognized in the trustedIntermediateCerts, it is not possible to revoke this certificate in a safe way. Revoking this certificate is not possible without trusting it in the first place.

    Recommendation

    The trustedIntermediateCerts check should be removed from revokeCert() to ensure safe revocation of not-yet trusted certificates.

    function revokeCert(bytes32 certHash) external onlyOwnerOrRevoker {-       if (trustedIntermediateCerts[certHash] == 0) {-           revert CertificateNotFound(certHash);-       }        delete trustedIntermediateCerts[certHash];        revokedCerts[certHash] = true;        emit CertRevoked(certHash);    }

    Coinbase

    Fixed in PR329.

    Cantina

    Fixed. The patch has been applied and the documentation is up-to-date.