Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug]Malicious validators can prevent legitimate transactions from being executed. #2451

Open
ghostant-1017 opened this issue May 10, 2024 · 7 comments
Assignees
Labels
bug Something isn't working does not block mainnet For when we make decisions that this will not block mainnet.

Comments

@ghostant-1017
Copy link
Contributor

ghostant-1017 commented May 10, 2024

https://hackerone.com/reports/2498849

Summary:

Malicious validators can prevent legitimate transactions from being executed.

Proof-of-Concept (PoC)

  1. When a malicious validator receives any transaction, it can create a FakeTransaction using the following method: FakeTransaction = Transaction + sample_transiton().
  2. FakeTransaction and Transaction have different TransactionIDs but share the same TransitionIDs, InputIDs, OutputIDs, and TPK. According to the current logic in the code, if the FakeTransaction is sorted before the Transaction in the DAG, it will cause the Transaction to be aborted.
  3. Malicious validators broadcast the FakeTransaction externally via WorkerPing, potentially causing honest validator nodes to prioritize the FakeTransaction over the Transaction.
  4. Furthermore, validators can fabricate FakeTransactions for uncommitted transactions upon proposing each proposal. If a malicious validator is chosen as the leader, it will result in all transactions in the block being aborted.

Impact

This attack can lead to a large number of legitimate transactions being aborted, and the abort_transaction_id will be recorded in the ledger, requiring users to regenerate transactions.

@ghostant-1017 ghostant-1017 added the bug Something isn't working label May 10, 2024
@vicsn vicsn self-assigned this May 13, 2024
vicsn referenced this issue May 13, 2024
See: https://github.com/AleoHQ/snarkVM/issues/2451

A malicious validator can generate a transaction with mostly the same
transitions, which will be aborted causing the victim's transaction
to be filtered out and dropped.
@vicsn
Copy link
Contributor

vicsn commented May 13, 2024

This looks like an issue to me as well. Phrasing the issue in my own words: executions require full verification to avoid malleability attacks. There is a tradeoff between spam reduction (if we abort on partial transaction contents) v.s. censorship resistance (if we abort on the full transaction). The latter seems more important to me.

Fortunately, deployments don't have this particular malleability issue, so a quickfix can be to only call early should_abort_transaction on deployments, which are most expensive to verify: https://github.com/AleoHQ/snarkVM/pull/2452

I think a similar issue is possible when a malicious validator replaces global_state_root/proof/verifying_keys - given that those are not included in the transaction id calculation: https://github.com/AleoHQ/snarkVM/blob/mainnet/ledger/block/src/transaction/merkle.rs#L138 . This might be intentional design, to enable delegation of proofs while retaining deterministic transaction ids.

vicsn referenced this issue May 13, 2024
Executions require full verification to avoid malleability attack.

See: https://github.com/AleoHQ/snarkVM/issues/2451
@vicsn
Copy link
Contributor

vicsn commented May 17, 2024

After additional consideration, we have decided to only partially mitigate this for now and prioritize DoS prevention. Slashing can likely properly mitigate this censorship issue in the future.

@gkp-sumaiya
Copy link

This looks like an issue to me as well.

@HarukaMa
Copy link
Contributor

HarukaMa commented Jun 9, 2024

IIRC we weren't considering any slashing methods; has anything changed since then?

@vicsn
Copy link
Contributor

vicsn commented Jun 10, 2024

IIRC we weren't considering any slashing methods; has anything changed since then?

I view it as likely to be essential to add post-mainnet launch.

@damons damons added the does not block mainnet For when we make decisions that this will not block mainnet. label Jun 11, 2024
@damons
Copy link

damons commented Jun 11, 2024

Doesn't sound like we'd block mainnet for this. Marking as such. Feel free to argue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working does not block mainnet For when we make decisions that this will not block mainnet.
Projects
None yet
Development

No branches or pull requests

6 participants