1. 10 Sep, 2022 30 commits
  2. 09 Sep, 2022 8 commits
  3. 08 Sep, 2022 2 commits
    • Matthew Slipper's avatar
      op-node: Fix OPB-01 (#3360) · 9ea5921d
      Matthew Slipper authored
      * op-node: Fix OPB-01
      
      `(*ExectionPayload).UnmarshalSSZ()` fails to properly validate the `transactionsOffset` and `extraDataOffset` values, allowing a malicious actor to crash multiple op-nodes by gossiping a P2P message containing a specially crafted `SSZExecutionPayload`.
      
      * lint
      9ea5921d
    • Matthew Slipper's avatar
      op-node: Fix OPB-05, fix additional security issue (#3361) · 1c787aa0
      Matthew Slipper authored
      - OPB-05: Puts the signature verification before further unmarshaling to guard against mal-formed payloads.
      - Adds a minimum size check to the payload decoding to ensure we always have at least a signature and a payload available.
      1c787aa0