Polytope Labs ismp-grandpa
- < 15.0.1
A critical vulnerability exists in the Hyperbridge ismp-grandpa crate in versions prior to 15.0.1. It allows a malicious prover to deceive the verifier into accepting the finality of arbitrary headers, because the verifier incorrectly accepts invalid signatures on GRANDPA precommits. This flaw could be exploited to steal funds or disrupt other cross-chain applications.
Exploitation could lead to unauthorized acceptance of finality for manipulated headers, allowing for theft of funds or compromise of cross-chain applications.
The vulnerability can be reproduced by using a version of the ismp-grandpa crate prior to 15.0.1. The GRANDPA verifier can be initialized with an incorrect authority set ID, which will cause it to accept invalid signatures as valid. This misconfiguration can be automated with a script that sets up the verifier incorrectly and then sends crafted GRANDPA messages that exploit the flaw.
Users should upgrade to ismp-grandpa version 15.0.1 or later. The vulnerable versions of the crate have been yanked, and the patch is available in the latest release.