CVE-2021-21405

Name of the Vulnerable Software and Affected Versions Lotus (affected versions not specified)

Description The issue concerns BLS signature validation in Lotus, which uses the blst library method VerifyCompressed. This method accepts signatures in two forms: serialized and compressed, allowing BLS signatures to be provided as either of two unique byte arrays. Lotus block validation functions perform a uniqueness check on provided blocks, considering two blocks distinct if the CIDs of their blockheader do not match. The CID method for blockheader includes the BlockSig of the block. As a result, it would be possible to punish miners for valid blocks, as there are two different valid block CIDs available for each block, even though this must be unique.

Recommendations By switching from the go-based blst bindings to the bindings in filecoin-ffi, the code paths now ensure that all signatures are compressed by size and the way they are deserialized. This change occurred in https://github.com/filecoin-project/lotus/pull/5393. At the moment, there is no information about a newer version that contains a fix for this vulnerability.