| Safe Haskell | Safe-Inferred |
|---|---|
| Language | Haskell2010 |
Convex.ThreatModel.MissingOutputDatum
Description
Threat model for detecting Missing Output Datum vulnerabilities.
A Missing Output Datum attack targets state-machine validators that require a continuation output (the output paid back to the script's own address) to carry a valid datum. If the validator does not enforce that requirement, an attacker can strip the datum from the continuation output and still have the transaction validate.
Consequences
- State corruption: the next contract state cannot be reconstructed from the continuation output.
- Permanent fund locking: future spends may fail because the validator cannot decode the expected state from a missing datum.
Mitigation
A secure validator should explicitly reject continuation outputs without a datum (e.g. NoOutputDatum) and ensure that stateful outputs always include a valid datum.
This threat model mutates a continuation output by replacing its datum with TxOutDatumNone. If the transaction still validates, the script may be vulnerable.
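The check described above, as an added example that is not part of the convex library: a minimal counter state machine written against PlutusLedgerApi.V2, first in a form that never inspects the continuation datum (the shape this threat model catches) and then in a hardened form that rejects NoOutputDatum and decodes the next state. The names vulnerableValidator, secureValidator, mkWrapped and Counter are hypothetical; the API calls (getContinuingOutputs, findOwnInput, findDatum, geq, fromBuiltinData, unsafeFromBuiltinData, check) are from plutus-ledger-api and plutus-tx.

```haskell
{-# LANGUAGE DataKinds         #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# LANGUAGE TemplateHaskell   #-}
-- Added example (not the convex library's own code): a counter state
-- machine in a vulnerable and a hardened form. vulnerableValidator,
-- secureValidator, mkWrapped and Counter are hypothetical names.
module MissingOutputDatumExample where

import PlutusLedgerApi.V1.Value (Value, geq)
import PlutusLedgerApi.V2
  ( Datum (..), OutputDatum (..), ScriptContext (..), TxInInfo (..), TxOut (..) )
import PlutusLedgerApi.V2.Contexts (findDatum, findOwnInput, getContinuingOutputs)
import qualified PlutusTx
import PlutusTx.Prelude

-- On-chain state: a counter that must advance by exactly one per spend.
type Counter = Integer

-- Value locked at the script input being spent; the continuation output
-- must carry at least this much.
{-# INLINABLE ownValue #-}
ownValue :: ScriptContext -> Value
ownValue ctx = case findOwnInput ctx of
  Just i  -> txOutValue (txInInfoResolved i)
  Nothing -> traceError "script input not found"

-- VULNERABLE: requires one continuation output and value preservation but
-- never looks at txOutDatum. An output whose datum was replaced with
-- TxOutDatumNone (NoOutputDatum on chain) still validates, which is exactly
-- what a Missing Output Datum threat model probes for.
{-# INLINABLE vulnerableValidator #-}
vulnerableValidator :: Counter -> () -> ScriptContext -> Bool
vulnerableValidator _counter () ctx = case getContinuingOutputs ctx of
  [out] -> txOutValue out `geq` ownValue ctx
  _     -> False

-- HARDENED: the continuation output must carry a datum that decodes to
-- counter + 1. NoOutputDatum is rejected explicitly. A datum hash is only
-- accepted when its preimage is witnessed in the transaction, so the next
-- state is always recoverable from the chain (a deliberately strict choice).
{-# INLINABLE secureValidator #-}
secureValidator :: Counter -> () -> ScriptContext -> Bool
secureValidator counter () ctx = case getContinuingOutputs ctx of
  [out] -> txOutValue out `geq` ownValue ctx && nextStateOk out
  _     -> traceError "expected exactly one continuation output"
  where
    info = scriptContextTxInfo ctx

    nextStateOk :: TxOut -> Bool
    nextStateOk out = case txOutDatum out of
      NoOutputDatum ->
        traceError "continuation output has no datum"
      OutputDatumHash h -> case findDatum h info of
        Just d  -> advances d
        Nothing -> traceError "continuation datum hash not witnessed in tx"
      OutputDatum d -> advances d

    advances :: Datum -> Bool
    advances (Datum d) = case PlutusTx.fromBuiltinData d of
      Just next -> traceIfFalse "counter must advance by one" (next == counter + 1)
      Nothing   -> traceError "continuation datum does not decode as Counter"

-- Untyped wrapper in the shape the ledger calls: datum, redeemer, context.
{-# INLINABLE mkWrapped #-}
mkWrapped :: (Counter -> () -> ScriptContext -> Bool)
          -> BuiltinData -> BuiltinData -> BuiltinData -> ()
mkWrapped v d r c =
  check (v (PlutusTx.unsafeFromBuiltinData d)
           (PlutusTx.unsafeFromBuiltinData r)
           (PlutusTx.unsafeFromBuiltinData c))

secureScript :: PlutusTx.CompiledCode (BuiltinData -> BuiltinData -> BuiltinData -> ())
secureScript = $$(PlutusTx.compile [|| mkWrapped secureValidator ||])
```

Against vulnerableValidator the threat model's mutation succeeds: the datum-less continuation output keeps the value, so the spend validates and the counter state is gone. Against secureValidator the same mutation hits the NoOutputDatum branch and the transaction fails, which is the outcome the threat model treats as "not vulnerable". Treating OutputDatumHash without a witnessed preimage as an error is stricter than the ledger requires (a hash-only datum can be supplied by the next spender); relax that branch if the protocol intentionally uses hash datums, but never let NoOutputDatum through.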
Synopsis
Documentation
missingOutputDatumAttack :: ThreatModel ()
Check for Missing Output Datum vulnerabilities.
For a transaction that spends a script input and creates a continuation output back to the same script address with a datum:
- Remove the continuation output datum (replace it with TxOutDatumNone).
- If the transaction still validates, the script does not enforce that continuation outputs carry a state datum.