You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Malicious validator send fake block locator and halt the network(node is syncing)
Steps To Reproduce:
Use this branch.git clone git@github.com:ghostant-1017/mysnarkOS.git && git checkout attack/block-locator
Start the devnet cd snarkos && ./devnet with 4 validators, 0 clients
Observer the logs, we will find the 2024-04-28T05:47:13.565818Z DEBUG Skipping batch proposal (node is syncing) 2024-04-28T05:47:14.491356Z INFO @@@@@Recevied primary ping from '127.0.0.1:5000'..., height: 100
@niklaslong can you comment on this, since I believe we discussed this previously. Shouldn't the continued random sampling of peers ensure that a validator does not get stuck on malicious block_locators for too long?
@niklaslong can you comment on this, since I believe we discussed this previously. Shouldn't the continued random sampling of peers ensure that a validator does not get stuck on malicious block_locators for too long?
It seems that the validator node will not sample peers to disconnect.
@ghostant-1017 If I'm reading this correctly, a single malicious validator is sufficient to reproduce the behaviour? I notice the height is also 0, is this a special case or is it reproducible with a non-empty chain state? Sync logic should contain redundancies (granted not up to quorum) against this type of attack already.
@niklaslong You are right, single malicious validator is sufficient.
You can use that branch in the report, it's reproducible with a non-empty chain state.
Steps:
./devnet with 4 validators 0 client
stop node0 and wait for other 3 nodes produce blocks
restart node0, the network can not produce blocks anymore.
https://hackerone.com/reports/2481394
Summary:
Malicious validator send fake block locator and halt the network(node is syncing)
Steps To Reproduce:
git clone git@github.com:ghostant-1017/mysnarkOS.git && git checkout attack/block-locator
cd snarkos && ./devnet
with 4 validators, 0 clients2024-04-28T05:47:13.565818Z DEBUG Skipping batch proposal (node is syncing) 2024-04-28T05:47:14.491356Z INFO @@@@@Recevied primary ping from '127.0.0.1:5000'..., height: 100
Logs:
Proof-of-Concept (PoC)
current_height = 100
, malicious validators will forge block_locators at height = 200DEBUG Skipping batch proposal (node is syncing)
Impact
Malicious validator send fake block locator and halt the network(node is syncing)
The text was updated successfully, but these errors were encountered: