Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TOB-FUEL-43: Relayer should check for finalized blocks instead of block confirmations #1336

Closed
xgreenx opened this issue Aug 29, 2023 · 0 comments · Fixed by #1399
Closed

TOB-FUEL-43: Relayer should check for finalized blocks instead of block confirmations #1336

xgreenx opened this issue Aug 29, 2023 · 0 comments · Fixed by #1399
Assignees
@bvrooman
Labels
audit-report Somehow related to the audit report bug Something isn't working

Comments

@xgreenx
Copy link
Collaborator

xgreenx commented Aug 29, 2023
edited
Loading

Description

The Fuel relayer synchronizes the Fuel L2 with Ethereum mainnet by processing deposit transactions on Ethereum once the block containing a transaction has received sufficient confirmations, currently at least 100. This enables users to receive their deposited asset on the Fuel L2 and potentially withdraw it.

This mechanism and its configuration are not safe as Ethereum mainnet can experience periods of non-finality and block confirmations do not have any bearing on whether a transaction is final. In May 2023 the beacon chain failed to finalize for 9 epochs which corresponds to 149 blocks, indicating that Fuel’s configuration may process transasctions that are subsequently reorged and allow double spending deposits.

Instead, the Fuel relayer should only make logs available to the block producer which are finalized; that is, the block is justified (it has received attestations from two-thirds validators) and is 1 epoch behind a block is also justified. Double spends would require burning of staked Ether, which is prohibitively expensive.

Figure 43.1: the finality criteria defined in the Fuel Relayer Specification

Ethereum blocks are considered final after two epochs. Each epoch contains 32 slots. A slot takes 12s so epoch is around 6.4min and two epochs will take 12.8min. After 13min we are sure that our deposits will not be reverted by some big reorganization. So we are okay to say that everything older [sic] then ~100blocks is finalized.

Figure 43.2: the Relayer considers non-finalized blocks as final given sufficient confirmations (fuel-core/crates/services/relayer/src/service/state.rs#71–84)

impl EthHeights {
    /// Create a new Ethereum block height from the current
    /// block height and the desired finalization period.
    fn new(current: u64, finalization_period: u64) -> Self {
            Self(Heights(
                current.saturating_sub(finalization_period)..=current,
            ))
    }

    /// Get the finalized eth block height.
    fn finalized(&self) -> u64 {
        *self.0 .0.start()
    } 
}

Exploit Scenario

The Beacon Chain fails to finalize as it did in May 2023 due to a client bug or network latency. Fuel processes deposit transactions of blocks that are produced but not finalized. Some deposit transactions are reorged from Ethereum mainnet, allowing attackers to deposit again and receive twice what they deposited.

Recommendations

Short term, modify the relayer to only process logs of finalized blocks and ensure the block producer validates that it is not processing non-finalized deposit transactions.

Long term, stay up-to-date on modifications and incidents pertaining to the Ethereum consensus layer that may have an impact on the Fuel L2.

References
@xgreenx xgreenx added the audit-report Somehow related to the audit report label Aug 29, 2023
@xgreenx xgreenx mentioned this issue Aug 29, 2023
Closed
@xgreenx xgreenx added the bug Something isn't working label Aug 29, 2023
@bvrooman bvrooman mentioned this issue Oct 5, 2023
Merged
xgreenx pushed a commit that referenced this issue Oct 9, 2023
feat: Retrieve finalized blocks from Ethereum (#1399)
60daac4 
Related issues:
- Closes #1336

This PR changes the approach a Fuel node uses to determine the finalized
blocks on the Ethereum blockchain.

**The existing approach:**
- Assume a "finalization period" - a period of time after which we
assume a block is finalized. Generally, we assume a block is finalized
after 100 new blocks have been produced afterwards
- Observe what the current block height is as reported by the Ethereum
client
- Subtract the finalization period from the current height to get an
assumed finalized block, i.e. current block height - 100

The problem with this approach, as outlined by Trail of Bits, is that
finality cannot be guaranteed simply by the amount of time passed alone.

**This PR proposes a more robust approach:**
- Use the Ethereum client to query for the most recently finalized block
directly. This is done using the `Finalized` tag in the query. See
gakonst/ethers-rs#1792

This approach removes any assumption on our side as to what the
finalized block is, and gets the canonically accepted finalized block
from Ethereum.
crypto523 pushed a commit to crypto523/fuel-core that referenced this issue Oct 7, 2024
feat: Retrieve finalized blocks from Ethereum (#1399)
c37548e 
Related issues:
- Closes FuelLabs/fuel-core#1336

This PR changes the approach a Fuel node uses to determine the finalized
blocks on the Ethereum blockchain.

**The existing approach:**
- Assume a "finalization period" - a period of time after which we
assume a block is finalized. Generally, we assume a block is finalized
after 100 new blocks have been produced afterwards
- Observe what the current block height is as reported by the Ethereum
client
- Subtract the finalization period from the current height to get an
assumed finalized block, i.e. current block height - 100

The problem with this approach, as outlined by Trail of Bits, is that
finality cannot be guaranteed simply by the amount of time passed alone.

**This PR proposes a more robust approach:**
- Use the Ethereum client to query for the most recently finalized block
directly. This is done using the `Finalized` tag in the query. See
gakonst/ethers-rs#1792

This approach removes any assumption on our side as to what the
finalized block is, and gets the canonically accepted finalized block
from Ethereum.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bvrooman bvrooman

Labels
audit-report Somehow related to the audit report bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: Retrieve finalized blocks from Ethereum FuelLabs/fuel-core
2 participants
@bvrooman @xgreenx