[Bug]Malicious validator send fake block locator and halt the network(node is syncing) - Githubissues

AleoNet / snarkOS

A Decentralized Operating System for ZK Applications

http://snarkos.org

Apache License 2.0

4.24k stars 2.59k forks source link

[Bug]Malicious validator send fake block locator and halt the network(node is syncing) #3240

Closed ghostant-1017 closed 2 months ago

ghostant-1017 commented 2 months ago

Malicious validator send fake block locator and halt the network(node is syncing)

Summary:

Malicious validator send fake block locator and halt the network(node is syncing)

Steps To Reproduce:

git clone git@github.com:ghostant-1017/mysnarkOS.git && git checkout attack/block-locator
Start the devnet cd snarkos && ./devnet with 4 validators, 0 clients
Observer the logs, we will find the 2024-04-28T05:47:13.565818Z DEBUG Skipping batch proposal (node is syncing) 2024-04-28T05:47:14.491356Z INFO @@@@@Recevied primary ping from '127.0.0.1:5000'..., height: 100

Proof-of-Concept (PoC)

Assume current_height = 100, malicious validators will forge block_locators at height = 200
Honest validators will find themselves beind, and set is_synced true
All validators will skip proposal since they are syncing.

Supporting Material/References: