go-f3 is Vulnerable to Cached Justification Verification Bypass

go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker can bypass justification verification by submitting a valid message with a correct justification and then reusing the same cached justification in contexts where it would normally be invalid. This occurs because the cached verification does not properly validate the relationship between the justification and the specific message context it's being used with. This issue is fixed in version 0.8.9.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L

使用基本弱点进行的认证绕过

Go implementation of Fast Finality in Filecoin 安全漏洞

Go implementation of Fast Finality in Filecoin是Filecoin开源的一个快速确认机制的Golang库。 Go implementation of Fast Finality in Filecoin 0.8.8及之前版本存在安全漏洞，该漏洞源于验证结果缓存机制未正确考虑消息上下文，可能导致攻击者绕过验证。

N/A

N/A