Closed holiman closed 3 years ago
Fantastic find @holiman! Welcome to the party :) This qualifies for a $5k beta-0 attacknet bounty reward. I'll circle back next week to get you on the (soon to be) leaderboard and reach out for payment
Thank you @prestonvanloon for the quick and discreet fix
Thanks!
However, I don't think it would be right for me to accept a bounty, since my job is ethereum security, which does not exclude eth2. Keep the money for future bug hunters :)
Description
There is (was) a bug in Prysm that made it possible for an attacker to crash arbitrary remote nodes via p2p protocol.
Attack scenario
A bug in the prysm ssz decoder assumed a certain input size on block root messages, which caused a `panic` on malformed messages. It turns out that this message can be sent very early, and shut down any node we discover and connect to.
Impact
This attack could be used to shut down all prysm-based nodes on the network. It was not executed on the live network, but instead disclosed privately to @prestonvanloon and @djrtwo , and fixed in https://github.com/prysmaticlabs/prysm/pull/6771 .
Details
There's a quirk in the prysm/beacon-chain `ssz` decoder (`encoder/ssz.go`)
If it reaches this path, expecting to parse a block root message, it blindly assumes that the input is at least `4` bytes.
The diff below represents a very naive attack which sends such a message at the first possible time -- instead of sending whatever message it wanted to send, it sends a too-short such message, with a topic that should trigger the dangerous path.
Here's the attack code:
Startup script for the attacker (using the modded code)
Startup script for the victim (using `master` code)
`victim` is started first, and goes through some deposit contract events. Then I start the `attacker`, and see this in the `victim` output:
This is the output for the `attacker`:
It connected, and immediately put the victim to sleep.
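As an added illustration (not code from the report or from Prysm), a hypothetical Go reconstruction of the bug class described under Details: a decoder that reads a 4-byte SSZ list offset without first checking the message length, beside a checked version that returns an error for malformed input, and a helper showing that the unchecked path panics on a 3-byte message. The function names, the list-of-32-byte-roots layout and the sample bytes are assumptions, not Prysm's actual code.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

const offsetSize, rootSize = 4, 32 // SSZ offsets are 4-byte little-endian; a root is 32 bytes

// decodeRootsUnchecked mirrors the bug class in the report: it reads the list
// offset without checking that the input holds 4 bytes, so a 0-3 byte message
// panics with an index-out-of-range error instead of being rejected.
func decodeRootsUnchecked(data []byte) [][]byte {
	offset := int(binary.LittleEndian.Uint32(data)) // panics if len(data) < 4
	var roots [][]byte
	for i := offset; i < len(data); i += rootSize {
		roots = append(roots, data[i:i+rootSize]) // also panics on a trailing partial root
	}
	return roots
}

// decodeRootsChecked validates the length and the offset before slicing, so a
// malformed peer message comes back as an error the caller can log and drop.
func decodeRootsChecked(data []byte) ([][]byte, error) {
	if len(data) < offsetSize {
		return nil, fmt.Errorf("ssz: message too short: %d bytes", len(data))
	}
	offset := int(binary.LittleEndian.Uint32(data))
	if offset != offsetSize || (len(data)-offset)%rootSize != 0 {
		return nil, fmt.Errorf("ssz: bad offset %d or root list length %d", offset, len(data)-offset)
	}
	roots := make([][]byte, 0, (len(data)-offset)/rootSize)
	for i := offset; i < len(data); i += rootSize {
		roots = append(roots, data[i:i+rootSize])
	}
	return roots, nil
}

// panics reports whether f panics. An unrecovered panic in a p2p handler
// goroutine takes down the whole node process, which is the crash described above.
func panics(f func()) (didPanic bool) {
	defer func() { didPanic = recover() != nil }()
	f()
	return false
}
```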