Awesome Blockchain Security

Awesome Blockchain Security

The purpose of this document is to gather public information on vulnerabilities introduced on Blockchains node software.

Bitcoin Core

  • Language: C++

Inflation bug

Leaf Node weakness in Bitcoin Merkle Tree Design

This document describes a weakness in Bitcoin Design that reduces the security of SPV proofs and therefore SPV Wallets.

RPC service enable connections from other process

It is possible for another user on the system to quietly bind the IPv4 localhost port, and forward requests to the IPv6 localhost port, intercepting the request, response, and authentication credentials.
Note: This is a super low vulnerability, but it is good practice to add this kind of things in documentations.

Combined output Overflow

On August 15 2010, it was discovered that block 74638 contained a transaction that created 184,467,440,737.09551616 bitcoins for three different addresses.
Two addresses received 92.2 billion bitcoins each, and whoever solved the block got an extra 0.01 BTC that did not exist prior to the transaction. This was possible because the code used for checking transactions before including them in a block didn’t account for the case of outputs so large that they overflowed when summed.

Network-wide DoS using malleable signatures in alerts

An attacker build new signatures at a high rate by changing the signature of an alert still in circulation and therefore increasing dramatically the number of valid alerts spreading across the network. This leads to halting all Bitcoin nodes in the network by RAM exhaustion in approximately 4 hours.

New DoS vulnerability by Forcing Continuous Hard Disk Seek/Read Activity

Multiple DoS Vulnerabilties

CosmosSDK

  • Language: Go

Security Advisory 05-30-2019

A high severity vulnerability in the staking module was patched on the Cosmos network which allowed malicious actors to bypass token slashing for bad behavior.

Advisory 09-30-2019

This vulnerability would have allowed for an attacker to carry out a Denial of Service attack against public sentry nodes on Tendermint-powered networks.

https://forum.cosmos.network/t/vulnerability-coordination-retrospective-cosmos-mainnet-security-advisory-magenta-09-30-2019/2850

CPP-Ethereum

Language: C++

Talos Inteligence report - CPP-Ethereum libevm create2 Information Leak Vulnerability

Talos Inteligence report - CPP-Ethereum JSON-RPC Denial Of Service Vulnerabilities

Talos Inteligence report - CPP-Ethereum JSON-RPC miner_start improper authorization Vulnerability

EOS

  • Language: C++

Remote code execution in node

Buffer Overflow Vulnerability in EOS’s WAVM Library and also in latest WAVM Library Parent Repository

Heap Buffer Overflow Vulnerability in EOS’s forked repository of Binaryen Library and also in latest Binaryen Library Parent Repository

Monero

Language: C++

Usage of memcmp may allow timing attacks

Wallet balance bug enable theft from exchanges

Attacker can trick monero wallet into reporting it received twice with alternative tx_keypubs

JSON request to RPC triggers Stack Overflow in RPC Server

DoS for remote nodes using Slow Loris attack

Unauthorized access of Monero wallet by an unprivileged process

The RPC wallet service is not being authorized against the node service. This would allow other proccesess to take RPC wallet service’s place.

Zero-amount miner TX + RingCT allows monero wallet to receive arbitrary amount of monero

By mining a specially crafted block, that still passes daemon verification an attacker can create a miner transaction that appears to the wallet to include sum of XMR picked by the attacker. This can be exploited to steal money from exchanges.

GoEthereum

  • Language: Go

EVM dynamic array maybe occupy large memory

Big hashes in BlockHashes can fill process memory

Remote DoS by memory exhaustion in the TxPool using MsgTxTy

SEC-1 JSON RPC and WebSockets bind to all interfaces

SEC-2 RPC services do not require authentication

SEC-3 JSON RPC interface vulnerable to CSRF

SEC-4 JSON RPC interface allows all origins

SEC-5 Address Collision in secp256k1 key generation

SEC-6 The Go secp256k1 lib does not validate secret key before generating EC key

SEC-7 Negative Value Transactions

SEC-8 No stack size validation for some op codes

SEC-11 Uncle validation does not correctly implement is-kin property

SEC-10 Uncle validation does not include all parts of block header validity function

SEC-12 Block header validation function does not validate gas limit

SEC-13 Parent issue for all uncle validation / logic security issues

SEC-14 single DB lookup table for all objects pose consensus security risk

SEC-15 Parent issue for all invalid data structures & missing type validations

SEC-16 JSON RPC DoS vulnerability for large messages

SEC-17 VM out of memory DoS

SEC-18 RLP decoder unsafe allocation

SEC-19 ECDSA recovery id (V) is casted from uint64 to single byte

SEC-20 VM program counter overflow

SEC-21 back parameter in SIGNEXTEND instr uses uint64 instead of unsigned 256 int

SEC-22 CALLDATACOPY does not write zero to memory if input data offset exceeds input data size

SEC-23 CODECOPY and EXTCODECOPY offset parameter 64 bit overflow

SEC-24 Parent issue for ethash / PoW security issues

SEC-25 ECIES library does not verify whether received point is on curve

SEC-26 Go defer/recover pattern used to catch VM halting conditions

SEC-27 Integer overflow in gas cost calculation of precompiled accounts

SEC-29 Go zero values for missing struct fields in RLP decoding causes caller to panic

SEC-30 Unsigned tx handled as tx from the zero address

SEC-31 Memory DoS by recursive contract calling

SEC-32 VM memory Set function panic when memory is empty (0)

SEC-33 New gas limit validation not handling when block’s gas limit is lower than parent

SEC-34 Add check for minGasLimit in new gas limit validation

SEC-35 BLOCKHASH instruction DoS

SEC-36 Block header nonce overflow

SEC-37 Block header gasUsed field not validated but set for the block

SEC-38 call depth not decremented after return from CALL or CALLCODE

SEC-39 Account nonce incremented before tx validation

SEC-44 EC Recover precompiled contract does not pad input

SEC-45 DoS in hash downloader

SEC-47 Block header mixdigest field not validated

SEC-48 DoS in transaction pool

SEC-49 JUMPDEST vulnerability

SEC-50 RLPx AES CTR keystream reusage

SEC-51 Peer NewBlockMsg DoS

SEC-52 Network DoS from re-broadcast of txs with zero gas price

SEC-53 DoS in block_processor on txs with invalid EC sig

Multiple chains

“Fake Stake” attacks on chain-based Proof-of-Stake cryptocurrencies

Grin

  • Language: Rust

Node security audit

Most vulnerabilities described in the report can be grouped into the following categories, and special care should be taken to prevent these patterns from appearing again in the codebase:

  1. Directory path traversal leading to remote code execution
  2. Memory corruption vulnerabilities in unsafe code blocks located in third-party libraries
  3. Denial of service caused by Rust panics, expects, and unhandled error conditions
  4. Synchronization process denial of service caused by out-of-order P2P messages
  5. Storage-based denial of service caused by failure to clean up temporary files
  6. Node censorship through node ban feature abuse
  7. Failure to ban ill-behaved nodes leading to CPU-based denial of service
  8. Lack of validation of orphan blocks
  9. Insecure file handling leading to local privilege escalation

Parity Ethereum

  • Language: Rust

RPC call causes panic

[Sec Audit] 005 Integer Overflow while decoding untrusted RLP

[Sec Audit] 004 Parity Panic via Integer Overflow in Block Genesis File

Permissions of key files should be tightened

Deadlock while syncing + JSONRPC

RSK

  • Language: Java

ToB Audit - RSKj Runtime

Some of the most prominent issues are:

  1. Resource Leaks in Trie
  2. Erroneous Gas computaton in CALL breaks sending ether to a contract
  3. Wrong msg.value parameter in create leads to a broken contract

DoS through PeerExplorer

Attacker can add arbitrary data to the blockchain without paying gas

Tron

  • Language: Java

DOS attack by consuming all CPU and using all available memory

Zcash

  • Language: C++

ZCash Zerocash protocol - Coinspect Audit

The outstanding issues were:

  1. ScriptSig malleability allows 51% attack by invalidating honest miners blocks
  2. Erroneous nValueOut range check allows CPU-exhaustion attacks
  3. Unlimited number of transaction proofs allows CPU-exhaustion attacks
  4. Improper destination path validation in RPC calls allows arbitrary command execution

Overwinter - Coinspect Audit

The high risk issues are:

  1. Transaction Expiry Enables Node Isolation Attack
  2. Transaction Expiry Enables Transaction Flooding at No Cost

Libsnark, Librustzcash, Zcash-seeder, Zcash-gitian Least Authority Audit

The most prominent issues are:

  1. Pow leaks in ​windowed_exp
  2. Exponent leaks via ​power​ function

ZCash Inflation Bug because of incorrect implementation of Zero-knowledge proofs

Ensure Spec mitigates Double Spending by Coliding InternalH

Faerie Gold Vulnerability

This vulnerability would have made it possible to fool a Zcash user into thinking they received a bunch of spendable notes. In fact, when they try to spend the notes they will find that only one of them can be spent.

4 Likes