ethereum / public-attacknets

Public attacknets available for eth2
Creative Commons Zero v1.0 Universal

[teku-attack-0 Reward] Crash discovery service with malformed WHOAREYOU packet #18

Closed atoulme closed 4 years ago

atoulme commented 4 years ago

Description

Using a malformed RLP packet, we crash the discovery service of Teku permanently.

Attack scenario

Impact

Details

This is a very simple attack to pull off, as it requires just one packet per node. It will not stop consensus right away. It may be used to knock all Teku nodes off the network and eclipse other nodes.

Exception thrown by Teku:

ndle the exception.
reactor.core.Exceptions$ErrorCallbackNotImplemented: java.lang.ClassCastException: class org.web3j.rlp.RlpList cannot be cast to class org.web3j.rlp.RlpString (org.web3j.rlp.RlpList and org.web3j.rlp.RlpString are in unnamed module of loader 'app')
Caused by: java.lang.ClassCastException: class org.web3j.rlp.RlpList cannot be cast to class org.web3j.rlp.RlpString (org.web3j.rlp.RlpList and org.web3j.rlp.RlpString are in unnamed module of loader 'app')
        at org.ethereum.beacon.discovery.packet.WhoAreYouPacket.decode(WhoAreYouPacket.java:88) ~[discovery-0.3.8-dev-840e90be.jar:0.3.8-dev-840e90be]
        at org.ethereum.beacon.discovery.packet.WhoAreYouPacket.getAuthTag(WhoAreYouPacket.java:60) ~[discovery-0.3.8-dev-840e90be.jar:0.3.8-dev-840e90be]
        at org.ethereum.beacon.discovery.pipeline.handler.WhoAreYouSessionResolver.handle(WhoAreYouSessionResolver.java:47) ~[discovery-0.3.8-dev-840e90be.jar:0.3.8-dev-840e90be]
        at reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.onNext(FluxPeekFuseable.java:189) ~[reactor-core-3.3.7.RELEASE.jar:3.3.7.RELEASE]
        at reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.onNext(FluxPeekFuseable.java:203) ~[reactor-core-3.3.7.RELEASE.jar:3.3.7.RELEASE]
        at reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.onNext(FluxPeekFuseable.java:203) ~[reactor-core-3.3.7.RELEASE.jar:3.3.7.RELEASE]
        at reactor.core.publisher.FluxReplay$SizeBoundReplayBuffer.replayNormal(FluxReplay.java:814) ~[reactor-core-3.3.7.RELEASE.jar:3.3.7.RELEASE]
        at reactor.core.publisher.FluxReplay$SizeBoundReplayBuffer.replay(FluxReplay.java:898) ~[reactor-core-3.3.7.RELEASE.jar:3.3.7.RELEASE]
        at reactor.core.publisher.ReplayProcessor.onNext(ReplayProcessor.java:442) ~[reactor-core-3.3.7.RELEASE.jar:3.3.7.RELEASE]
        at reactor.core.publisher.FluxCreate$IgnoreSink.next(FluxCreate.java:618) ~[reactor-core-3.3.7.RELEASE.jar:3.3.7.RELEASE]
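The decode failure in the trace above, as an added Python example that is not Teku's or the discovery library's code: a minimal RLP codec, a WHOAREYOU parser that casts every decoded item without checking it (the pattern behind the ClassCastException) beside a hardened one that checks the shape first, and a handler that drops a bad packet instead of letting the error escape. The WHOAREYOU layout (a 32-byte magic of sha256(dest-node-id || "WHOAREYOU") followed by rlp([token, id-nonce, enr-seq]) with a 12-byte token and a 32-byte id-nonce) is assumed from the discv5 draft of that period, and the sample packets are constructed, not captured from a network.

```python
import hashlib
from dataclasses import dataclass


class MalformedPacket(ValueError):
    """Any WHOAREYOU payload that does not have the expected shape."""


def _length_prefix(n: int, offset: int) -> bytes:
    if n < 56:
        return bytes([offset + n])
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([offset + 55 + len(ln)]) + ln


def rlp_encode(item) -> bytes:
    """Minimal RLP encoder written for this example: bytes -> string, list -> list."""
    if isinstance(item, (bytes, bytearray)):
        b = bytes(item)
        if len(b) == 1 and b[0] < 0x80:
            return b
        return _length_prefix(len(b), 0x80) + b
    if isinstance(item, list):
        payload = b"".join(rlp_encode(x) for x in item)
        return _length_prefix(len(payload), 0xC0) + payload
    raise TypeError("unsupported RLP item")


def _decode_at(buf: bytes, pos: int):
    """Decode one item at pos; strings come back as bytes, lists as Python lists."""
    if pos >= len(buf):
        raise MalformedPacket("truncated RLP")
    b = buf[pos]
    if b < 0x80:                                   # single byte is its own encoding
        return buf[pos:pos + 1], pos + 1
    if b <= 0xB7 or (0xC0 <= b <= 0xF7):           # short string / short list
        n, start = b - (0x80 if b < 0xC0 else 0xC0), pos + 1
    else:                                          # long string / long list
        ll = b - (0xB7 if b < 0xC0 else 0xF7)
        n, start = int.from_bytes(buf[pos + 1:pos + 1 + ll], "big"), pos + 1 + ll
    end = start + n
    if end > len(buf):
        raise MalformedPacket("truncated RLP")
    if b < 0xC0:
        return buf[start:end], end
    items, p = [], start
    while p < end:
        item, p = _decode_at(buf, p)
        items.append(item)
    if p != end:
        raise MalformedPacket("list item overruns the list")
    return items, end


def rlp_decode(buf: bytes):
    item, end = _decode_at(bytes(buf), 0)
    if end != len(buf):
        raise MalformedPacket("trailing bytes after RLP item")
    return item


# WHOAREYOU framing and field sizes: assumed from the discv5 draft, not Teku's constants.
MAGIC_LEN, TOKEN_LEN, ID_NONCE_LEN = 32, 12, 32


def whoareyou_magic(dest_node_id: bytes) -> bytes:
    return hashlib.sha256(dest_node_id + b"WHOAREYOU").digest()


@dataclass
class WhoAreYou:
    token: bytes
    id_nonce: bytes
    enr_seq: int


def build_whoareyou(dest_node_id, token, id_nonce, enr_seq: int) -> bytes:
    seq = enr_seq.to_bytes((enr_seq.bit_length() + 7) // 8, "big")  # b"" for 0
    return whoareyou_magic(dest_node_id) + rlp_encode([token, id_nonce, seq])


def _as_string(item) -> bytes:
    """Stand-in for the Java (RlpString) cast: a list here is an unchecked error."""
    if isinstance(item, list):
        raise TypeError("RlpList cannot be cast to RlpString")
    return item


def decode_whoareyou_naive(packet: bytes) -> WhoAreYou:
    """The failing pattern: decode, then cast every item without checking it."""
    token, id_nonce, seq = rlp_decode(packet[MAGIC_LEN:])
    return WhoAreYou(_as_string(token), _as_string(id_nonce),
                     int.from_bytes(_as_string(seq), "big"))


def decode_whoareyou_strict(packet: bytes, dest_node_id: bytes) -> WhoAreYou:
    """Hardened form: every shape assumption is checked and reported as MalformedPacket."""
    if len(packet) < MAGIC_LEN or packet[:MAGIC_LEN] != whoareyou_magic(dest_node_id):
        raise MalformedPacket("bad length or magic")
    body = rlp_decode(packet[MAGIC_LEN:])
    if not isinstance(body, list) or len(body) != 3:
        raise MalformedPacket("expected a 3-item list")
    token, id_nonce, seq = body
    for name, item, n in (("token", token, TOKEN_LEN), ("id-nonce", id_nonce, ID_NONCE_LEN)):
        if not isinstance(item, bytes) or len(item) != n:
            raise MalformedPacket(f"{name} must be a {n}-byte string")
    if not isinstance(seq, bytes) or len(seq) > 8 or (seq and seq[0] == 0):
        raise MalformedPacket("enr-seq must be a canonical big-endian integer")
    return WhoAreYou(token, id_nonce, int.from_bytes(seq, "big"))


def handle_incoming(packet: bytes, dest_node_id: bytes):
    """Session-resolver stand-in: a bad packet is dropped and the pipeline stays up."""
    try:
        return decode_whoareyou_strict(packet, dest_node_id)
    except MalformedPacket as exc:
        print(f"dropping malformed WHOAREYOU: {exc}")
        return None


def naive_survives(packet: bytes) -> bool:
    """True if the unchecked decoder gets through the packet without an unhandled error."""
    try:
        decode_whoareyou_naive(packet)
        return True
    except TypeError:                              # analogue of the ClassCastException
        return False


# Constructed sample traffic (not captured from any network).
NODE_ID = hashlib.sha256(b"constructed destination node").digest()
GOOD = build_whoareyou(NODE_ID, bytes(TOKEN_LEN), bytes(range(ID_NONCE_LEN)), 7)
# Same framing, but id-nonce is a nested list instead of a 32-byte string.
BAD = whoareyou_magic(NODE_ID) + rlp_encode([bytes(TOKEN_LEN), [b"\x01", b"\x02"], b"\x07"])

if __name__ == "__main__":
    print("naive on good:", naive_survives(GOOD), " naive on bad:", naive_survives(BAD))
    print("strict on bad:", handle_incoming(BAD, NODE_ID))
    print("strict on good:", handle_incoming(GOOD, NODE_ID))
```

The trace shows why one packet is enough: the ClassCastException is wrapped in reactor.core.Exceptions$ErrorCallbackNotImplemented and thrown out of onNext, meaning it reached a subscriber with no error callback and so terminated the stream rather than just that packet. The fix therefore has two halves, shown above: validate the decoded shape before treating an item as a string, and catch decode failures at the handler boundary so a bad datagram is dropped instead of killing the discovery pipeline.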

jrhea commented 4 years ago

CC @Nashatyrev

djrtwo commented 4 years ago

Sorry for the delay. Thank you @atoulme! Although this wouldn't halt finality directly, (as you noted) it can be utilized in more complex scenarios to cause finality issues, so this qualifies for the $5k reward tier.

Can you reach out to me at eth2bounty@ethereum.org to get payment setup?

Also, note that this program has recently been deprecated in favor of the eth2bounty program. It should encompass any of the issues you might have found here and more. Current rewards are up to $50k! Happy bug hunting.