SkipBlockProof::verify computes its quorum check using BitSet.len(), then iterates BitSet indices and casts each usize index to u16 (slot as u16) for slot lookup. If an attacker can get a SkipBlockProof verified where MultiSignature.signers contains out-of-range indices spaced by 65536, these indices inflate len() but collide onto the same in-range u16 slot during aggregation.
This makes it possible for a malicious validator with far fewer than 2f+1 real signer slots to pass skip block proof verification by multiplying a single BLS signature by the same factor.
The patch for this vulnerability is included as part of v1.3.0.
No known workarounds.
Exploitability
AV:NAC:LPR:LUI:NScope
S:CImpact
C:NI:HA:H9.6/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H