go-f3 Justification Verification Caching Vulnerability Allowing Bypass of Validation
Vulnerability
A vulnerability exists in go-f3, a Golang implementation of Fast Finality for Filecoin, in versions prior to 0.8.9. The issue arises in the justification verification caching mechanism, where verification results are cached without adequately considering the message context. This flaw allows an attacker to bypass justification verification by first submitting a valid message with the correct justification and then reusing the cached justification in contexts where it would typically be invalid. Exploitation requires significant power (over 350 TiB, due to power table rounding) and could lead to consensus integrity issues by allowing invalid justifications to be accepted, potentially disrupting network liveness and influencing consensus decisions.
Impact
Exploitation could cause consensus integrity issues by allowing invalid justifications to be accepted, potentially disrupting network liveness and influencing consensus decisions. However, it would require significant power (over 350 TiB) to exploit meaningfully, and coordinating such an attack to affect more than one-third of the network simultaneously would be challenging.
Reproduction
To reproduce this vulnerability, first, send a valid message with the correct justification. Then, reuse the cached justification in a context where it would normally be invalid. This can be done by taking advantage of the cached verification, which does not properly validate the relationship between the justification and the specific message context.
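The flaw described in the Vulnerability and Reproduction sections is a general caching mistake: a verification result that depends on two things (an expensive, context-independent signature check and a cheap check that the justification actually belongs to the message's instance, round and phase) is cached under a key that covers only the first, so a cache hit silently skips the second. The following is an added, simplified Go model written for this page; it is not go-f3's code, and the types `Justification`, `MessageContext`, the verifiers and the hash-based stand-in for signature verification are all hypothetical. It shows the vulnerable cache beside a fixed one that caches only the context-independent part and always re-runs the context binding check.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// MessageContext is a hypothetical stand-in for the context in which a
// message carrying a justification is received (not go-f3's real type).
type MessageContext struct {
	Instance uint64
	Round    uint64
	Phase    string
}

// Justification is a hypothetical stand-in for a justification attached to a
// message. Signature models the aggregate signature that is expensive to
// verify; the other fields state what the justification claims to justify.
type Justification struct {
	Instance  uint64
	Round     uint64
	Phase     string
	Signature string
}

// ValidSignature builds the constructed "signature" this model accepts for
// the given instance/round/phase (a hash, standing in for a real signature).
func ValidSignature(instance, round uint64, phase string) string {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%d|%d|%s", instance, round, phase)))
	return hex.EncodeToString(sum[:])
}

// expensiveSignatureCheck is the context-independent part of verification.
// calls is incremented so callers can observe how often it really runs.
func expensiveSignatureCheck(j Justification, calls *int) bool {
	*calls++
	return j.Signature == ValidSignature(j.Instance, j.Round, j.Phase)
}

// contextBindingCheck is the cheap, context-dependent part: does this
// justification justify a message in the instance/round/phase it arrived in?
func contextBindingCheck(j Justification, ctx MessageContext) bool {
	return j.Instance == ctx.Instance && j.Round == ctx.Round && j.Phase == ctx.Phase
}

// justificationKey keys the cache on the justification alone (no context).
func justificationKey(j Justification) string {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%d|%d|%s|%s", j.Instance, j.Round, j.Phase, j.Signature)))
	return hex.EncodeToString(sum[:])
}

// VulnerableVerifier caches the combined result under a context-free key,
// so a cache hit returns the earlier verdict without re-checking the context.
type VulnerableVerifier struct {
	cache    map[string]bool
	SigCalls int
}

func NewVulnerableVerifier() *VulnerableVerifier {
	return &VulnerableVerifier{cache: map[string]bool{}}
}

func (v *VulnerableVerifier) Verify(j Justification, ctx MessageContext) bool {
	key := justificationKey(j)
	if ok, hit := v.cache[key]; hit {
		return ok // BUG: cached verdict reused regardless of ctx
	}
	ok := expensiveSignatureCheck(j, &v.SigCalls) && contextBindingCheck(j, ctx)
	v.cache[key] = ok
	return ok
}

// FixedVerifier caches only the context-independent signature result and
// re-runs the context binding check on every call.
type FixedVerifier struct {
	sigCache map[string]bool
	SigCalls int
}

func NewFixedVerifier() *FixedVerifier {
	return &FixedVerifier{sigCache: map[string]bool{}}
}

func (v *FixedVerifier) Verify(j Justification, ctx MessageContext) bool {
	key := justificationKey(j)
	ok, hit := v.sigCache[key]
	if !hit {
		ok = expensiveSignatureCheck(j, &v.SigCalls)
		v.sigCache[key] = ok
	}
	return ok && contextBindingCheck(j, ctx) // binding to ctx is never cached
}

func main() {
	j := Justification{Instance: 5, Round: 2, Phase: "PREPARE", Signature: ValidSignature(5, 2, "PREPARE")}
	good := MessageContext{Instance: 5, Round: 2, Phase: "PREPARE"}
	other := MessageContext{Instance: 5, Round: 3, Phase: "PREPARE"}
	v, f := NewVulnerableVerifier(), NewFixedVerifier()
	fmt.Println("vulnerable:", v.Verify(j, good), v.Verify(j, other)) // true true (bypass)
	fmt.Println("fixed:     ", f.Verify(j, good), f.Verify(j, other)) // true false
}
```

An equivalent fix is to include the message context in the cache key; caching only the context-independent result is preferable because it keeps the cache hit rate (the same justification re-sent in a new round still saves the signature check) while making the context check impossible to skip.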
Remediation
Upgrade to go-f3 version 0.8.9 or later. All node implementations (Lotus, Forest, Venus) use a patched version of go-f3 in their updates for the nv27 network upgrade.