convex-testing-interface
Safe Haskell: Safe-Inferred
Language: Haskell2010

Convex.ThreatModel.OutputDatumHashMissing

Description

Threat model for detecting missing OutputDatumHash witness vulnerabilities.

This attack mutates a continuation output from inline datum to TxOutDatumHash with a hash that is not present in txInfoData. A secure validator that reads state from output datum hashes must reject this transaction because it cannot resolve the hash to actual datum bytes.

Consequences

  1. State resolution failure: The validator cannot decode continuation state.
  2. Potential fund locking: If invalid continuation outputs are accepted, future spends can fail when state cannot be reconstructed.

Mitigation

A secure validator should reject OutputDatumHash values that cannot be found in the transaction datum map.

Documentation

outputDatumHashMissingAttack :: ThreatModel ()

Default attack using a deterministic orphaned datum hash.

outputDatumHashMissingAttackWith :: Hash ScriptData -> ThreatModel ()

Attack with configurable orphaned datum hash.

For transactions that spend a script input and create a continuation output with inline datum at the same script address:

  • Replace that output's datum with TxOutDatumHash using orphanHash
  • Keep the hash absent from txInfoData
  • If the transaction still validates, the contract does not enforce datum-hash resolution safety.
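
The check this threat model exercises, as an added example that is not part of convex-testing-interface or of any real validator: a simplified model in which the mutated transaction passes a lax check and fails a check that resolves the hash through the datum map. The types are stand-ins named after their ledger counterparts, and `resolveState`, `laxValidator`, `strictValidator`, `orphanMutation` and the sample values are hypothetical.

```haskell
-- Added example: simplified stand-ins for the ledger types, not the Plutus API.
import qualified Data.Map.Strict as Map

type DatumHash = String  -- stand-in for a real datum hash
type Datum     = Int     -- stand-in for decoded contract state

data OutputDatum = NoOutputDatum | OutputDatumHash DatumHash | OutputDatum Datum
  deriving (Eq, Show)

data Tx = Tx
  { txInfoData   :: Map.Map DatumHash Datum  -- datum witnesses carried by the tx
  , continuation :: OutputDatum              -- datum of the continuation output
  } deriving (Eq, Show)

-- Resolve the continuation state; a hash with no witness resolves to Nothing.
resolveState :: Tx -> Maybe Datum
resolveState tx = case continuation tx of
  OutputDatum d     -> Just d
  OutputDatumHash h -> Map.lookup h (txInfoData tx)
  NoOutputDatum     -> Nothing

-- Lax check: accepts any output that carries some datum reference.
laxValidator :: Tx -> Bool
laxValidator tx = continuation tx /= NoOutputDatum

-- Strict check: the state must resolve and satisfy the contract rule
-- (here, an assumed rule that the state is non-negative).
strictValidator :: Tx -> Bool
strictValidator tx = maybe False (>= 0) (resolveState tx)

-- The mutation described above: swap the inline datum for an orphaned hash,
-- leaving txInfoData untouched so the hash has no witness.
orphanMutation :: DatumHash -> Tx -> Tx
orphanMutation orphanHash tx = case continuation tx of
  OutputDatum _ | Map.notMember orphanHash (txInfoData tx)
    -> tx { continuation = OutputDatumHash orphanHash }
  _ -> tx

-- Run both checks against a constructed honest tx and its mutated form.
main :: IO ()
main = do
  let honest  = Tx Map.empty (OutputDatum 42)        -- constructed sample tx
      mutated = orphanMutation "orphan-hash" honest  -- constructed hash value
  print (laxValidator honest, strictValidator honest)
  print (laxValidator mutated, strictValidator mutated)
```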