TOB-FUEL-2: Uninitialized blocks could be seen as finalized

[xgreenx]

Description

Blocks that have not been committed yet could be seen as finalized.
If the Commit struct stored in _commitSlots is uninitialized, commitSlot.timestamp will default to zero and the boolean expression indicating whether a block is finalized given the commit’s timestamp will evaluate to true.

Figure 2.1: The finalized function in fuel-v2-contracts/contracts/fuelchain/FuelChainState.sol

101    /// @notice Checks if a given block is finalized
102    /// @param blockHash The hash of the block to check
103    /// @param blockHeight The height of the block to check
104    /// @return true if the block is finalized
105    function finalized(bytes32 blockHash, uint256 blockHeight) external view
whenNotPaused returns (bool) {
106       uint256 commitHeight = blockHeight / BLOCKS_PER_COMMIT_INTERVAL;
107       Commit storage commitSlot = _commitSlots[commitHeight % NUM_COMMIT_SLOTS];
108       require(commitSlot.blockHash == blockHash, "Unknown block");
109
110       return block.timestamp >= uint256(commitSlot.timestamp) +
111 }

However, in this case, the provided blockHash parameter must equal the default value of Commit.blockHash (bytes32(0)) for the function to pass the require-check on line 108.

Recommendations

Short term, include a check that returns false when commitSlot.timestamp equals zero.
Long term, carefully consider all edge cases, such as when checking for a finalized block when it has not been committed yet.

[Voxelot]

Decided not to fix