[SC AUDIT] Result without Payment. Malicious IexecAPI contract without callback
Closed this issue · 5 comments
At buyForWorkOrder, if the requester sets a callback contract that does not implement the workOrderCallback function, then when the scheduler tries to call the finalizeWork function, his transaction will be reverted. A malicious requester can use this to then call claimFailedConsensus, and the scheduler will lose his stake.
Solutions:
- remove this feature
- separate into 2 independent transactions: a finalizeWork transaction and another callback transaction
- other ideas?
Not enough gas at deploy to add a new callback function in WorkOrder.sol and/or WorkerPool.sol separate from the finalizeWork function. Create an independent CallbackProof.sol for auditability.
Can't use WorkOrder(_woid).stdout() directly from another contract because of:
- https://ethereum.stackexchange.com/questions/12765/type-inaccessible-dynamic-type-is-not-implicitly-convertible-to-expected-type
- can't also update to 0.4.22, which solves this, because the optimizer has changed in 0.4.22 => out of gas at IexecHub when compiled with 0.4.22
So a callback proof will be stored in the work order at the finalizeWork transaction (this added parameter is OK for the gas limit at deploy) and we will check it at the callback call. Everybody will be able to call this callback. It will pass only if it sets the same result as the scheduler indicated at the finalizeWork call. The CallbackProof.sol contract will look something like this:
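```solidity
function callback(address _woid, string _stdout, string _stderr, string _uri) public
{
    // The work order must already be finalized by the scheduler.
    require(WorkOrder(_woid).m_status() == IexecLib.WorkOrderStatusEnum.COMPLETED);
    // The supplied result must match the proof stored at finalizeWork.
    require(WorkOrder(_woid).m_resultCallbackProof() == keccak256(_stdout, _stderr, _uri));
    address callbackTo = WorkOrder(_woid).m_callback();
    if (callbackTo != address(0))
    {
        // A revert here only fails this callback transaction, not finalizeWork.
        require(IexecCallbackInterface(callbackTo).workOrderCallback(
            this,
            _stdout,
            _stderr,
            _uri
        ));
    }
    ....
```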
Memo: TODO add work order check in CallbackProof.sol to fix issue #26 here as well. Needs a link to iexecHub.
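The failure mode reported in this issue and the proof-based callback proposed above, as a simplified Python model added here (it is not iExec contract code). The class and method names, the stake value, the `sha256` stand-in for `keccak256`, and the reduced `claimFailedConsensus` condition are all assumptions made for the model.

```python
import hashlib

class Revert(Exception):
    """Models an EVM revert: the failing transaction changes no state."""

def proof(stdout, stderr, uri):
    # Stand-in for keccak256(_stdout,_stderr,_uri); sha256 is a model assumption.
    return hashlib.sha256(repr((stdout, stderr, uri)).encode()).hexdigest()

class BrokenCallback:
    """Requester-chosen contract without workOrderCallback: every call reverts."""
    def work_order_callback(self, *args):
        raise Revert("no workOrderCallback")

class GoodCallback:
    def __init__(self):
        self.received = None
    def work_order_callback(self, woid, stdout, stderr, uri):
        self.received = (stdout, stderr, uri)
        return True

class WorkOrder:
    def __init__(self, callback, stake=100):   # stake value is constructed
        self.callback, self.stake = callback, stake
        self.status, self.callback_proof = "ACTIVE", None

    def finalize_coupled(self, stdout, stderr, uri):
        # Reported flow: the callback runs inside finalizeWork, so its revert
        # propagates before the status is ever set to COMPLETED.
        if self.callback is not None:
            self.callback.work_order_callback(self, stdout, stderr, uri)
        self.status = "COMPLETED"

    def finalize_decoupled(self, stdout, stderr, uri):
        # Proposed flow: store only the proof; no external call can block this.
        self.callback_proof = proof(stdout, stderr, uri)
        self.status = "COMPLETED"

    def claim_failed_consensus(self):
        # Simplified: allowed only while the work order was never completed.
        if self.status == "COMPLETED":
            raise Revert("already completed")
        self.status, self.stake = "CLAIMED", 0

def callback(wo, stdout, stderr, uri):
    # Callable by anyone; passes only with the result committed at finalize.
    if wo.status != "COMPLETED" or wo.callback_proof != proof(stdout, stderr, uri):
        raise Revert("status or proof mismatch")
    if wo.callback is not None and not wo.callback.work_order_callback(wo, stdout, stderr, uri):
        raise Revert("callback returned false")
```

In the decoupled flow a reverting callback contract fails only the separate callback transaction, so the work order stays COMPLETED and the stake is untouched.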