Issue Overview
- Current Status: Issue Fixed
- Affected Network: Testnet, Mainnet
Summary of Impact
Four critical-impact vulnerabilities would have allowed someone to duplicate resources.
Technical Summary of Issues
- When destroying (or performing any kind of generalized iteration over) a dictionary, array, or other containers of resources, it was possible to influence the iteration order of the container during the execution of the destructor. Doing so could make the iteration either skip over or revisit elements of the container, effectively causing the loss or duplication respectively, of the elements of the container.
- During the destruction of a resource, it was possible to re-run (re-enter) the destructor, allowing the duplication of resources.
- It was possible to perform a function invocation on a destroyed resource, allowing the duplication of resources.
- During destruction, it was possible to mutate a destroyed parent resource in a way that a child resource is destroyed multiple times, allowing the duplication of resources.
Mitigation
The security reports were immediately acknowledged and reproduced. Fixes were developed and deployed to all networks.
In the future, the Cadence team plans to add additional defensive checks to prevent resources from being duplicated or re-destroyed in this way. In addition, changes included in Stable Cadence would have prevented these exploits.
Recognition
As core contributors to the Flow ecosystem, we take reported issues very seriously and would like to thank Otto Ebeling (of Critical Section Security Oy) for reporting the issues responsibly through our Responsible Disclosure Policy.