Open c4-bot-10 opened 3 months ago
141345 marked the issue as primary issue
141345 marked the issue as sufficient quality report
dust ED, very cheap to create account
relate to https://github.com/code-423n4/2024-03-phala-network-findings/issues/60
kvinwang (sponsor) confirmed
OpenCoreCH marked the issue as selected for report
Lines of code
https://github.com/code-423n4/2024-03-phala-network/blob/a01ffbe992560d8d0f17deadfb9b9a2bed38377e/phala-blockchain/crates/pink/runtime/src/runtime.rs#L48 https://github.com/code-423n4/2024-03-phala-network/blob/a01ffbe992560d8d0f17deadfb9b9a2bed38377e/phala-blockchain/crates/pink/runtime/src/types.rs#L11
Vulnerability details
Impact
An attacker can perform a bloat attack by creating a very high amount of dust accounts.
This can occur with a minimal cost for the attacker, and results in a very high and increased cost in terms of storage and fees.
Proof of Concept
On substrate-based runtimes, the Existential Deposit (ED) is the minimum balance needed to have an active account, and it's useful to prevent dust accounts from bloating the storage state. In case the balance goes under the ED, the account will be reaped, i.e. completely removed from storage and the nonce reset.
Storage usage has a cost in terms of fees which impacts all the users, as there is a bigger overhead. The issue is that on the Pink runtime, the ED is dangerously low, which enables bloating attacks.
Let's see how feasible is to perform an attack from a price perspective. On Polkadot, the ED is
1 DOT
. At the moment of writing,1 DOT
is worth about ~$10 USD, so if an attacker would want to split 10 million USD as dust between their own accounts, they would be able to create only 1 million accounts.On the Pink runtime, this is not the case. At the moment of writing
1 PHA
is equal to ~$0.20 USD; but here, the ED is only 1 unit:https://github.com/code-423n4/2024-03-phala-network/blob/a01ffbe992560d8d0f17deadfb9b9a2bed38377e/phala-blockchain/crates/pink/runtime/src/runtime.rs#L48
As balance is simply a type alias of
u128
:https://github.com/code-423n4/2024-03-phala-network/blob/a01ffbe992560d8d0f17deadfb9b9a2bed38377e/phala-blockchain/crates/pink/runtime/src/types.rs#L11
And
1 PHA
is equal to1_000_000_000_000
:This means that an account costs only
$0.20 / 1_000_000_000_000
for the attacker.Following the previous
DOT
example, this means that an attacker could create 1 TRILLION accounts by simply paying just$0.20
, but they could create even more accounts (several order of magnitudes bigger) with a small "investment", to fill all the storage.Tools Used
Manual review
Recommended Mitigation Steps
Consider using a reasonable Existential Deposit. I recommend at least one
CENTS
(i.e.1_000_000_000
):Assessed type
Decimal