Closed feezybabee closed 2 months ago
This PR should address the issue - https://github.com/AleoHQ/snarkOS/pull/3232.
The finding was related to another issue we were observing in devnet, but this change should address both concerns.
@ghostant-1017 Please confirm if you believe this fix is sufficient!
Hi @raychu86 ,
The attack doesn't work only for validators which is syncing. In fact, it works for ALL SYNCED validators.
The attacker will always generate block which height is latest_height + 1
, so that other validators will find themselves are behind, and send BlockRequest to the attacker.
Please reevaluate the severity of the report. Thank you!
@ghostant-1017 Happy to re-evaluate the report security, lets correspond in HackerOne regarding that.
In the meantime, we have another addition to this fix in the form of https://github.com/AleoHQ/snarkOS/pull/3233 that addresses an edge case. Would love you have your review of this as well.
Closing with https://github.com/AleoHQ/snarkOS/pull/3232
https://hackerone.com/reports/2469178
Summary:
BFT sync logic is not safe after PR #3217 ; 2 malicious validators can send invalid block_locators and blocks to other nodes, and the other nodes will accept them and get halted.
Steps To Reproduce:
./devnet.sh
with 8 validators.Proof-of-Concept (PoC)
This attack only requires two validator nodes and is independent of the amount staked by the validators, so it doesn't violate the Byzantine assumption.
partner_pk
. The purpose of using this private key is to generate aBatchCertificate
that can pass validation checks.current_height
andcurrent_round
, Validator0 can create a Block for heightcurrent_height + 1
using its ownprivate_key
and thepartner_key
. This Block can pass validation checks performed by other nodes'check_next_block
function and be successfully advanced by other nodes usingadvance_next_block
. Refer to the code here.PrimaryPing
(interval 5s => 1s), ensuring that other nodes detect theBlock
which iscurrent_height + 1
.Event::BlockRequest
from other nodes, it can send the incorrectBlock
to them.BlockResponse
, the malicious Block will pass all checks and eventually be advanced using advance_to_next_block, causing the ledger to be in an incorrect state.It's worth noting that the malicious Block may not pass
sync_certificate_with_blocks
, but since the attack is sustainable, other nodes will eventually end up in an incorrect state.Impact
Two malicious validators can halt the network. Recommendation to mitigate this: add quorum check for Subdag when check_next_block.