# #37646 \[BC-Insight] No implementation of BLOB\_SIDECAR\_SUBNET\_COUNT with no issue and no PR in the GitHub

**Submitted on Dec 11th 2024 at 14:10:06 UTC by @Pig46940 for** [**Attackathon | Ethereum Protocol**](https://immunefi.com/audit-competition/ethereum-protocol-attackathon)

* **Report ID:** #37646
* **Report Type:** Blockchain/DLT
* **Report severity:** Insight
* **Target:** <https://github.com/chainsafe/lodestar>
* **Impacts:**
  * (Specifications) A bug in specifications with no direct impact on client implementations

## Description

## Brief/Intro

In the consensus specifications, BLOB\_SIDECAR\_SUBNET\_COUNT should be implemented; however, it is not implemented in the Lodestar codebase.

<https://github.com/ethereum/consensus-specs/blob/d8276acf06a05cf396951687119de55b725ca120/specs/deneb/p2p-interface.md>

_\[New in Deneb:EIP4844]_

| Name                        | Value | Description                                                        |
| --------------------------- | ----- | ------------------------------------------------------------------ |
| `BLOB_SIDECAR_SUBNET_COUNT` | `6`   | The number of blob sidecar subnets used in the gossipsub protocol. |
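
How the Deneb p2p spec uses this constant, as an added example (not code from the report or from Lodestar): a sidecar's subnet is its blob index modulo `BLOB_SIDECAR_SUBNET_COUNT`, each subnet has its own `blob_sidecar_{subnet_id}` topic, and a sidecar received on the wrong subnet is rejected. The function names, the fork digest string used in the test and the sample messages are assumptions made for illustration; `MAX_BLOBS_PER_BLOCK = 6` is the Deneb value.

```typescript
// Added example. Constants are the Deneb spec values; all names are illustrative.
const BLOB_SIDECAR_SUBNET_COUNT = 6; // number of blob sidecar gossip subnets
const MAX_BLOBS_PER_BLOCK = 6; // upper bound on a sidecar's blob index in Deneb

type Verdict = "ACCEPT" | "REJECT";

/** Spec helper compute_subnet_for_blob_sidecar: blob_index % BLOB_SIDECAR_SUBNET_COUNT. */
function computeSubnetForBlobSidecar(
  blobIndex: number,
  subnetCount: number = BLOB_SIDECAR_SUBNET_COUNT
): number {
  return blobIndex % subnetCount;
}

/** One gossip topic per subnet: /eth2/{fork_digest}/blob_sidecar_{subnet_id}/ssz_snappy */
function blobSidecarTopics(forkDigestHex: string): string[] {
  const topics: string[] = [];
  for (let subnet = 0; subnet < BLOB_SIDECAR_SUBNET_COUNT; subnet++) {
    topics.push(`/eth2/${forkDigestHex}/blob_sidecar_${subnet}/ssz_snappy`);
  }
  return topics;
}

/** The index-range and correct-subnet REJECT conditions for a received sidecar. */
function checkSidecarSubnet(blobIndex: number, receivedOnSubnet: number): Verdict {
  if (!Number.isInteger(blobIndex) || blobIndex < 0 || blobIndex >= MAX_BLOBS_PER_BLOCK) {
    return "REJECT"; // index outside [0, MAX_BLOBS_PER_BLOCK)
  }
  if (computeSubnetForBlobSidecar(blobIndex) !== receivedOnSubnet) {
    return "REJECT"; // sidecar published on a subnet it does not belong to
  }
  return "ACCEPT";
}

// Constructed sample: [blob index, subnet the message arrived on].
const SAMPLE_MESSAGES: Array<[number, number]> = [[0, 0], [5, 5], [5, 1], [6, 0]];

function sampleVerdicts(): Verdict[] {
  return SAMPLE_MESSAGES.map(([index, subnet]) => checkSidecarSubnet(index, subnet));
}
```

With both constants equal to 6, the modulo is the identity on valid indices; the second parameter of `computeSubnetForBlobSidecar` exists only to show that the mapping changes as soon as the two values differ.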

## Vulnerability Details

The comment `// TODO DENEB: Configure the blob subnets in a followup PR` is left in the test code, but I could not find the implementation in the entire repository.

The `BLOB_SIDECAR_SUBNET_COUNT` defines the blob sidecar subnet count in the Gossipsub protocol. However, no implementation is found in the entire codebase.

I carefully checked the following code, which should contain the relevant logic, but found no implementation:\
<https://github.com/ChainSafe/lodestar/blob/dad9037e7739d5bcbccfe627e715ef40e9ba935b/packages/beacon-node/src/network/gossip/gossipsub.ts>

The value is only defined in interopConfigs.ts with no implementation:\
<https://github.com/ChainSafe/lodestar/blob/dad9037e7739d5bcbccfe627e715ef40e9ba935b/packages/validator/test/unit/utils/interopConfigs.ts#L54>

I could not understand why your project does not implement this specification logic though the GitHub:\
<https://github.com/search?q=repo%3AChainSafe%2Flodestar%20BLOB_SIDECAR_SUBNET_COUNT&type=code>

Additionally, the following comment is left in the test code:\
`// TODO DENEB: Configure the blob subnets in a followup PR`\
However, I could not find the implementation in the entire repository.

### Other clients

Other consensus clients have implemented this logic.

* Prysm

<https://github.com/prysmaticlabs/prysm/blob/008f157e17e625e44ec076c79aae3a91c0a3f977/beacon-chain/sync/subscriber.go#L146>

* Lighthouse

<https://github.com/sigp/lighthouse/blob/c042dc14d74352512b7632e0ee6ec07f1aa26b3a/beacon_node/lighthouse_network/src/types/topics.rs#L56>

## Impact Details

It is difficult to clearly understand the full impact; however, the blob sidecar network will increase certain limits when interacting with other clients. This may lead to an increase in P2P network traffic to some extent, potentially exposing a vulnerability that attackers could exploit.

## References

<https://github.com/ethereum/consensus-specs/blob/d8276acf06a05cf396951687119de55b725ca120/specs/deneb/p2p-interface.md#configuration>

## Proof of Concept

It should look like the following code:

<https://github.com/ChainSafe/lodestar/blob/dad9037e7739d5bcbccfe627e715ef40e9ba935b/packages/beacon-node/src/network/gossip/gossipsub.ts#L6>

```
for (const [fork, peersByBeaconBlobSidecarSubnet] of peersByBeaconBlobSidecarSubnetByFork.map) {
  for (let subnet = 0; subnet < BLOB_SIDECAR_SUBNET_COUNT; subnet++) {
    metricsGossip.peersByBeaconBlobSidecarSubnet.set(
      {fork, subnet: attSubnetLabel(subnet)},
      peersByBeaconBlobSidecarSubnet[subnet] ?? 0
    );
  }
}
```

