Insecure Transaction Tracing

Description

Using built-in transaction tracers can be dangerous if measures are not taken to filter out reverted call frames. Review the related code to ensure that reverted call frames and their associated subtraces are filtered out from any analysis and the transaction being traced is from a finalized block.

Examples

Insecure Code

RECEIVER.TraceTransaction(CTX, FILTER, TRACECONF)

Secure Code

RECEIVER.TraceTransaction(CTX, FILTER, TRACECONF) with reverted call frames filtered out

Remediation

Implement logic to filter out reverted call frames and ensure the transaction is from a finalized block.

Rule Details

Field	Value
ID	CODE-0190
Category	Blockchain
Severity	HIGH
CWE	CWE-1284
Confidence	LOW
Impact	HIGH
Likelihood	MEDIUM
Exploitability	MODERATE
Tags	security, audit
OWASP	N/A

References

https://blog.trailofbits.com/2023/08/23/the-engineers-guide-to-blockchain-finality/

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Insecure Transaction Tracing

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Insecure Transaction Tracing ​

Description ​

Examples ​

Insecure Code ​

Secure Code ​

Remediation ​

Rule Details ​

References ​

Insecure Transaction Tracing

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

References