Awesome Blockchain Security
The purpose of this document is to gather public information on vulnerabilities found in blockchain node software.
Bitcoin Core
- Language: C++
Inflation bug
- https://bitcoincore.org/en/2018/09/20/notice/
- https://medium.com/@awemany/600-microseconds-b70f87b0b2a6
Leaf Node weakness in Bitcoin Merkle Tree Design
This document describes a weakness in Bitcoin's design that reduces the security of SPV proofs, and therefore of SPV wallets.
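The weakness that paper describes comes from Bitcoin hashing a 64-byte transaction exactly the way it hashes an inner Merkle node (double SHA-256 over two concatenated 32-byte hashes), so an SPV verifier cannot tell a leaf from an internal node. The following is an added example, not code from the paper or from Bitcoin Core: it builds a four-transaction Merkle tree over constructed placeholder transactions, shows that a forged 64-byte "transaction" made of two leaf hashes verifies against the real root with a shorter branch, and shows one mitigation that has been discussed for SPV clients, refusing proofs for 64-byte transactions. Byte order is left as computed here; Bitcoin's little-endian display convention does not affect the ambiguity.

```python
import hashlib


def dsha256(data: bytes) -> bytes:
    """Bitcoin's hash for txids and Merkle nodes: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(leaves):
    """Bitcoin Merkle root: pair nodes level by level, duplicating the last node on odd levels."""
    level = list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def merkle_branch(leaves, index):
    """Sibling hashes from leaf `index` up to the root, as (hash, sibling_is_left) pairs."""
    level = list(leaves)
    branch = []
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        sibling = index ^ 1
        branch.append((level[sibling], sibling < index))
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return branch


def spv_verify(txid, branch, root):
    """What an SPV client does: hash up the branch and compare with the header's Merkle root."""
    node = txid
    for sibling, sibling_is_left in branch:
        node = dsha256(sibling + node) if sibling_is_left else dsha256(node + sibling)
    return node == root


def spv_verify_strict(raw_tx, branch, root):
    """Mitigation: a 64-byte transaction can double as an inner node, so refuse to prove it."""
    if len(raw_tx) == 64:
        return False
    return spv_verify(dsha256(raw_tx), branch, root)


# Constructed placeholder transactions: the ambiguity depends only on hash lengths,
# not on the transaction contents.
TXS = [b"constructed-tx-A", b"constructed-tx-B", b"constructed-tx-C", b"constructed-tx-D"]
LEAVES = [dsha256(tx) for tx in TXS]
ROOT = merkle_root(LEAVES)


def genuine_proof_ok():
    """A real leaf (tx C, depth 2) verifies with its two-element branch."""
    return spv_verify(LEAVES[2], merkle_branch(LEAVES, 2), ROOT)


def forged_64_byte_tx():
    """Two leaf hashes concatenated: these 64 bytes hash to the inner node above them."""
    return LEAVES[0] + LEAVES[1]


def forged_branch():
    """A one-element branch: the sibling inner node H(C||D), which sits to the right."""
    return [(dsha256(LEAVES[2] + LEAVES[3]), False)]


def forged_proof_ok():
    """The forged 'transaction' verifies at depth 1 against the genuine root."""
    return spv_verify(dsha256(forged_64_byte_tx()), forged_branch(), ROOT)


def forged_proof_rejected_by_strict_check():
    return not spv_verify_strict(forged_64_byte_tx(), forged_branch(), ROOT)
```

A verifier that only sees a txid and a branch has no way to know whether the proof is one level shorter than the real tree; it has to see the raw transaction (or rely on a consensus rule against 64-byte transactions) to close the gap.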
RPC service enables connections from other processes
It is possible for another user on the same system to quietly bind the IPv4 localhost port and forward requests to the IPv6 localhost port, intercepting the request, the response, and the authentication credentials.
Note: This is a very low-severity vulnerability, but it is good practice to document this kind of issue.
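The condition above is easy to check for: if a "localhost-only" service holds the port on one loopback address but not the other, the unbound address is available to any local user. The following is an added example, not code from Bitcoin Core or from the original report: `loopback_exposure` tries to bind a port on 127.0.0.1 and ::1 and reports which addresses are already held, and `simulate_half_bound_service` stands up a listener on only one loopback family (a constructed stand-in for the misconfigured service) to show the report it produces.

```python
import errno
import socket


def loopback_exposure(port):
    """For each loopback address, report whether `port` is already held by some process
    ("in-use"), still free for another local user to grab ("free"), or unsupported on
    this host ("unavailable")."""
    report = {}
    for family, addr in ((socket.AF_INET, "127.0.0.1"), (socket.AF_INET6, "::1")):
        try:
            probe = socket.socket(family, socket.SOCK_STREAM)
        except OSError:
            report[addr] = "unavailable"
            continue
        try:
            # No SO_REUSEADDR: a successful bind means nobody else holds the port here.
            probe.bind((addr, port))
            report[addr] = "free"
        except OSError as exc:
            report[addr] = "in-use" if exc.errno == errno.EADDRINUSE else "unavailable"
        finally:
            probe.close()
    return report


def hijackable(report):
    """Addresses another local user could bind in front of the service."""
    return [addr for addr, state in report.items() if state == "free"]


def simulate_half_bound_service():
    """Constructed scenario: a service that listens on 127.0.0.1 only, checked against
    its own ephemeral port. Returns the report and the hijackable addresses."""
    service = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        service.bind(("127.0.0.1", 0))
        service.listen(1)
        port = service.getsockname()[1]
        report = loopback_exposure(port)
    finally:
        service.close()
    return report, hijackable(report)


if __name__ == "__main__":
    report, grab = simulate_half_bound_service()
    print(report)
    print("hijackable:", grab)
```

Run `loopback_exposure(8332)` (or whatever port the node's RPC server uses) on a multi-user host: any address reported "free" is one a less privileged local account can bind first. The fix on the service side is to bind both loopback addresses, or to treat the host as single-user.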
Combined output Overflow
On August 15, 2010, it was discovered that block 74638 contained a transaction that created 184,467,440,737.09551616 bitcoins for three different addresses.
Two addresses received 92.2 billion bitcoins each, and whoever solved the block got an extra 0.01 BTC that did not exist prior to the transaction. This was possible because the code used for checking transactions before including them in a block did not account for outputs so large that they overflowed when summed.
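The arithmetic behind the incident, as an added example (not Bitcoin Core's code): output values are signed 64-bit satoshi amounts, and the two reported outputs of 92233720368.54277039 BTC each sum to slightly more than 2^64, so their int64 sum wraps to a small negative number that is trivially "covered" by a 0.5 BTC input. `vulnerable_check` models the pre-fix logic (per-output non-negativity, then a wrapping sum compared with the inputs); `hardened_check` models the fix, which bounds every output and the running total by `MAX_MONEY` before comparing. The 0.5 BTC input and the two output values are the publicly reported figures for the block 74638 transaction.

```python
MAX_MONEY = 21_000_000 * 100_000_000   # 21 million BTC in satoshi, as in Bitcoin Core
INT64_MOD = 2 ** 64


def wrap_int64(value):
    """Emulate signed 64-bit wraparound, which is what the C++ sum silently did on overflow."""
    return (value + 2 ** 63) % INT64_MOD - 2 ** 63


def money_range(value):
    return 0 <= value <= MAX_MONEY


def vulnerable_check(inputs_sat, outputs_sat):
    """Pre-fix logic: each output must be non-negative, then the int64 sum of outputs
    must not exceed the sum of inputs. The sum itself is never range-checked."""
    if any(v < 0 for v in outputs_sat):
        return False
    total_out = 0
    for v in outputs_sat:
        total_out = wrap_int64(total_out + v)
    return total_out <= sum(inputs_sat)


def hardened_check(inputs_sat, outputs_sat):
    """Post-fix logic: every output and every partial sum must stay inside [0, MAX_MONEY],
    so the total can never get near the int64 boundary."""
    total_out = 0
    for v in outputs_sat:
        if not money_range(v):
            return False
        total_out += v
        if not money_range(total_out):
            return False
    return total_out <= sum(inputs_sat)


def apparent_fee(inputs_sat, outputs_sat):
    """Fee as the overflowing code would have computed it: inputs minus the wrapped output sum."""
    return sum(inputs_sat) - wrap_int64(sum(outputs_sat))


# Publicly reported values for the block 74638 transaction, in satoshi.
OVERFLOW_INPUTS = [50_000_000]                            # 0.5 BTC
OVERFLOW_OUTPUTS = [9_223_372_036_854_277_039] * 2        # 92233720368.54277039 BTC each


if __name__ == "__main__":
    print("wrapped sum:", wrap_int64(sum(OVERFLOW_OUTPUTS)))
    print("vulnerable accepts:", vulnerable_check(OVERFLOW_INPUTS, OVERFLOW_OUTPUTS))
    print("hardened accepts:", hardened_check(OVERFLOW_INPUTS, OVERFLOW_OUTPUTS))
    print("apparent fee (sat):", apparent_fee(OVERFLOW_INPUTS, OVERFLOW_OUTPUTS))
```

The wrapped sum is -997538 satoshi, so the miner appeared to collect roughly 0.51 BTC in fees from a 0.5 BTC input, which is the "extra 0.01 BTC" in the text. Checking the running total, not only each term, is what closes this class of bug.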
Network-wide DoS using malleable signatures in alerts
An attacker can build new signatures at a high rate by altering the signature of an alert still in circulation, dramatically increasing the number of valid alerts spreading across the network. This halts all Bitcoin nodes in the network through RAM exhaustion in approximately 4 hours.
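Why a third party can mint "new" valid alerts without the alert key: ECDSA signatures are malleable. For any valid (r, s) the pair (r, n - s) verifies against the same message and public key, and a parser that accepts non-canonical encodings multiplies the variants further. The following is an added example, not code from Bitcoin Core or from the disclosure: a compact pure-Python secp256k1 ECDSA, a constructed alert key and nonce (the real alert key is not used), and a model of the flaw the text describes, a node that deduplicates alerts on a hash that covers the signature, next to a deduplication that ignores it. How Bitcoin Core actually keyed its alert map is not reproduced here; the dedup functions are a model of the behaviour described above.

```python
import hashlib

# secp256k1 domain parameters (public constants)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant time; illustration only)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def dsha256_int(data):
    return int.from_bytes(hashlib.sha256(hashlib.sha256(data).digest()).digest(), "big")


def ecdsa_sign(priv, z, k):
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * priv) % N
    return (r, s)


def ecdsa_verify(pub, z, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    point = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, pub))
    return point is not None and point[0] % N == r


def malleate(sig):
    """Anyone can do this without the private key: (r, s) -> (r, n - s)."""
    r, s = sig
    return (r, N - s)


def alert_key_with_sig(payload, sig):
    """Model of the flaw: dedup on a hash that covers the signature bytes, so a malleated
    copy looks like a brand-new alert and gets stored and relayed again."""
    r, s = sig
    return hashlib.sha256(payload + r.to_bytes(32, "big") + s.to_bytes(32, "big")).digest()


def alert_key_payload_only(payload, sig):
    """Dedup on the signed payload only (equivalently: normalise to low-s first)."""
    return hashlib.sha256(payload).digest()


# Constructed key and nonce for the demonstration; NOT the real alert key.
ALERT_PRIV = 0x1111111111111111111111111111111111111111111111111111111111111111
NONCE_K = 0x2222222222222222222222222222222222222222222222222222222222222222
ALERT_PUB = ec_mul(ALERT_PRIV, G)
PAYLOAD = b"constructed alert payload: URGENT, upgrade required"


def demo():
    z = dsha256_int(PAYLOAD)
    sig = ecdsa_sign(ALERT_PRIV, z, NONCE_K)
    forged = malleate(sig)
    return {
        "original_valid": ecdsa_verify(ALERT_PUB, z, sig),
        "malleated_valid": ecdsa_verify(ALERT_PUB, z, forged),
        "counted_twice_with_sig_in_key": alert_key_with_sig(PAYLOAD, sig) != alert_key_with_sig(PAYLOAD, forged),
        "counted_twice_payload_only": alert_key_payload_only(PAYLOAD, sig) != alert_key_payload_only(PAYLOAD, forged),
    }
```

Replacing s with n - s is the simplest variant; lax DER parsing gives more. Rather than harden the alert path, Bitcoin Core later retired the alert system altogether.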
New DoS vulnerability by Forcing Continuous Hard Disk Seek/Read Activity
Multiple DoS Vulnerabilities
CosmosSDK
- Language: Go
Security Advisory 05-30-2019
A high severity vulnerability in the staking module was patched on the Cosmos network which allowed malicious actors to bypass token slashing for bad behavior.
Advisory 09-30-2019
This vulnerability would have allowed for an attacker to carry out a Denial of Service attack against public sentry nodes on Tendermint-powered networks.
CPP-Ethereum
- Language: C++
Talos Intelligence report - CPP-Ethereum libevm create2 Information Leak Vulnerability
Talos Intelligence report - CPP-Ethereum JSON-RPC Denial Of Service Vulnerabilities
Talos Intelligence report - CPP-Ethereum JSON-RPC miner_start improper authorization Vulnerability
EOS
- Language: C++
Remote code execution in node
Buffer Overflow Vulnerability in EOS’s WAVM Library and also in latest WAVM Library Parent Repository
Heap Buffer Overflow Vulnerability in EOS’s forked repository of Binaryen Library and also in latest Binaryen Library Parent Repository
Monero
- Language: C++
Usage of memcmp may allow timing attacks
Wallet balance bug enable theft from exchanges
Attacker can trick monero wallet into reporting it received twice with alternative tx_keypubs
JSON request to RPC triggers Stack Overflow in RPC Server
DoS for remote nodes using Slow Loris attack
Unauthorized access of Monero wallet by an unprivileged process
The RPC wallet service is not authorized against the node service, which would allow other processes to take the RPC wallet service's place.
Zero-amount miner TX + RingCT allows monero wallet to receive arbitrary amount of monero
By mining a specially crafted block that still passes daemon verification, an attacker can create a miner transaction that appears to the wallet to contain a sum of XMR chosen by the attacker. This can be exploited to steal money from exchanges.
GoEthereum
- Language: Go
EVM dynamic array may occupy large memory
Big hashes in BlockHashes can fill process memory
Remote DoS by memory exhaustion in the TxPool using MsgTxTy
SEC-1 JSON RPC and WebSockets bind to all interfaces
SEC-2 RPC services do not require authentication
SEC-3 JSON RPC interface vulnerable to CSRF
SEC-4 JSON RPC interface allows all origins
SEC-5 Address Collision in secp256k1 key generation
SEC-6 The Go secp256k1 lib does not validate secret key before generating EC key
SEC-7 Negative Value Transactions
SEC-8 No stack size validation for some op codes
SEC-10 Uncle validation does not include all parts of block header validity function
SEC-11 Uncle validation does not correctly implement is-kin property
SEC-12 Block header validation function does not validate gas limit
SEC-13 Parent issue for all uncle validation / logic security issues
SEC-14 single DB lookup table for all objects pose consensus security risk
SEC-15 Parent issue for all invalid data structures & missing type validations
SEC-16 JSON RPC DoS vulnerability for large messages
SEC-17 VM out of memory DoS
SEC-18 RLP decoder unsafe allocation
SEC-19 ECDSA recovery id (V) is casted from uint64 to single byte
SEC-20 VM program counter overflow
SEC-21 back parameter in SIGNEXTEND instr uses uint64 instead of unsigned 256 int
SEC-22 CALLDATACOPY does not write zero to memory if input data offset exceeds input data size
SEC-23 CODECOPY and EXTCODECOPY offset parameter 64 bit overflow
SEC-24 Parent issue for ethash / PoW security issues
SEC-25 ECIES library does not verify whether received point is on curve
SEC-26 Go defer/recover pattern used to catch VM halting conditions
SEC-27 Integer overflow in gas cost calculation of precompiled accounts
SEC-29 Go zero values for missing struct fields in RLP decoding causes caller to panic
SEC-30 Unsigned tx handled as tx from the zero address
SEC-31 Memory DoS by recursive contract calling
SEC-32 VM memory Set function panic when memory is empty (0)
SEC-33 New gas limit validation not handling when block’s gas limit is lower than parent
SEC-34 Add check for minGasLimit in new gas limit validation
SEC-35 BLOCKHASH instruction DoS
SEC-36 Block header nonce overflow
SEC-37 Block header gasUsed field not validated but set for the block
SEC-38 call depth not decremented after return from CALL or CALLCODE
SEC-39 Account nonce incremented before tx validation
SEC-44 EC Recover precompiled contract does not pad input
SEC-45 DoS in hash downloader
SEC-47 Block header mixdigest field not validated
SEC-48 DoS in transaction pool
SEC-49 JUMPDEST vulnerability
SEC-50 RLPx AES CTR keystream reusage
SEC-51 Peer NewBlockMsg DoS
SEC-52 Network DoS from re-broadcast of txs with zero gas price
SEC-53 DoS in block_processor on txs with invalid EC sig
Multiple chains
“Fake Stake” attacks on chain-based Proof-of-Stake cryptocurrencies
Grin
- Language: Rust
Node security audit
Most vulnerabilities described in the report can be grouped into the following categories, and special care should be taken to prevent these patterns from appearing again in the codebase:
- Directory path traversal leading to remote code execution
- Memory corruption vulnerabilities in unsafe code blocks located in third-party libraries
- Denial of service caused by Rust panics, expects, and unhandled error conditions
- Synchronization process denial of service caused by out-of-order P2P messages
- Storage-based denial of service caused by failure to clean up temporary files
- Node censorship through node ban feature abuse
- Failure to ban ill-behaved nodes leading to CPU-based denial of service
- Lack of validation of orphan blocks
- Insecure file handling leading to local privilege escalation
Parity Ethereum
- Language: Rust
RPC call causes panic
[Sec Audit] 005 Integer Overflow while decoding untrusted RLP
[Sec Audit] 004 Parity Panic via Integer Overflow in Block Genesis File
Permissions of key files should be tightened
Deadlock while syncing + JSONRPC
RSK
- Language: Java
ToB Audit - RSKj Runtime
Some of the most prominent issues are:
- Resource Leaks in Trie
- Erroneous Gas computation in CALL breaks sending ether to a contract
- Wrong msg.value parameter in create leads to a broken contract
DoS through PeerExplorer
Attacker can add arbitrary data to the blockchain without paying gas
Tron
- Language: Java
DOS attack by consuming all CPU and using all available memory
Zcash
- Language: C++
ZCash Zerocash protocol - Coinspect Audit
The outstanding issues were:
- ScriptSig malleability allows 51% attack by invalidating honest miners blocks
- Erroneous nValueOut range check allows CPU-exhaustion attacks
- Unlimited number of transaction proofs allows CPU-exhaustion attacks
- Improper destination path validation in RPC calls allows arbitrary command execution
Overwinter - Coinspect Audit
The high risk issues are:
- Transaction Expiry Enables Node Isolation Attack
- Transaction Expiry Enables Transaction Flooding at No Cost
Libsnark, Librustzcash, Zcash-seeder, Zcash-gitian Least Authority Audit
The most prominent issues are:
- Pow leaks in windowed_exp
- Exponent leaks via power function
ZCash Inflation Bug because of incorrect implementation of Zero-knowledge proofs
Ensure Spec mitigates Double Spending by Colliding InternalH
Faerie Gold Vulnerability
This vulnerability would have made it possible to fool a Zcash user into thinking they had received several spendable notes. In fact, when they try to spend the notes they find that only one of them can be spent.
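The mechanism behind Faerie Gold is nullifier reuse: a note's nullifier is derived from the receiver's spending key and the note's rho, so a sender who can choose rho freely can create many distinct note commitments that all share one nullifier. The wallet counts every commitment; the chain accepts only the first spend. Zcash's fix derives rho inside the proof statement from the sender's seed, the output index and h_sig, which commits to the nullifiers being spent, so rho cannot repeat across transactions. The following is an added, simplified model (not Zcash's code, and SHA-256 stands in for the real PRFs and commitment scheme): the attack scenario, then the derived-rho rule with a plain check standing in for what the zero-knowledge proof enforces.

```python
import hashlib
import os


def prf(tag, *parts):
    """Toy PRF/commitment: SHA-256 over a tag and length-prefixed parts. Stand-in only."""
    h = hashlib.sha256(tag)
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()


def commitment(value, rho, r):
    """Note commitment: what the wallet uses to tell notes apart."""
    return prf(b"cm", value.to_bytes(8, "big"), rho, r)


def nullifier(a_sk, rho):
    """Nullifier: what the chain records when a note is spent. Depends on rho, not on r."""
    return prf(b"nf", a_sk, rho)


def wallet_balance(notes):
    """What the wallet reports: every note with a distinct commitment counts."""
    seen = {}
    for value, rho, r in notes:
        seen[commitment(value, rho, r)] = value
    return sum(seen.values())


def spendable_balance(notes, a_sk):
    """What the chain lets the receiver spend: one spend per nullifier."""
    spent, total = set(), 0
    for value, rho, _r in notes:
        nf = nullifier(a_sk, rho)
        if nf in spent:
            continue          # chain rejects this as a double spend
        spent.add(nf)
        total += value
    return total


A_SK = b"constructed-receiver-spending-key"


def faerie_gold():
    """Attacker chooses rho and reuses it: three notes, three commitments, one nullifier."""
    rho = b"attacker-chosen-rho-reused"
    notes = [(10, rho, os.urandom(32)) for _ in range(3)]
    return wallet_balance(notes), spendable_balance(notes, A_SK)


def derive_rho(phi, index, h_sig):
    """Fix (simplified Sprout rule): rho comes from the sender's seed phi, the output index,
    and h_sig, which binds the spent nullifiers, so it is unique per output and per transaction."""
    return prf(b"rho", phi, bytes([index]), h_sig)


def outputs_well_formed(phi, h_sig, notes):
    """Stand-in for the statement the zk proof enforces: every output's rho must be derived."""
    return all(rho == derive_rho(phi, i, h_sig) for i, (_v, rho, _r) in enumerate(notes))


def fixed():
    """Honest outputs pass the rule and are all spendable; duplicate-rho outputs fail it."""
    phi, h_sig = os.urandom(32), os.urandom(32)
    honest = [(10, derive_rho(phi, i, h_sig), os.urandom(32)) for i in range(3)]
    cheating = [(10, derive_rho(phi, 0, h_sig), os.urandom(32)) for _ in range(3)]
    return (outputs_well_formed(phi, h_sig, honest),
            outputs_well_formed(phi, h_sig, cheating),
            wallet_balance(honest),
            spendable_balance(honest, A_SK))
```

The wallet-side lesson is the same one the Monero entries above make: a balance is only as real as the nullifier (or key image) set will allow, so a wallet that accepts deposits should not trust commitments alone.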