search
Active Boosts

#42102 [BC-High] uncontrolled resource consumption is resulting in OOM via RPC (public one)

Submitted on Mar 20th 2025 at 20:04:06 UTC by @fnmain for Attackathon | Movement Labsarrow-up-right

  • Report ID: #42102

  • Report Type: Blockchain/DLT

  • Report severity: High

  • Target: https://github.com/immunefi-team/attackathon-movement/tree/main/networks/movement/movement-full-node

  • Impacts:

    • RPC API crash affecting programs with greater than or equal to 25% of the market capitalization on top of the respective layer

hashtag
Description

hashtag
Brief/Intro

the API server do not check for size limits or stored data which means an attacker can just loop sending operation until it fills up the whole memory , note: the max size is capped at uint64_t max

hashtag
Vulnerability Details

at the public RPC port the server do not validate the content length size which can lead to DoS (crash due OOM) since the attacker will need just to submit a request with a huge size and then looping a send with junk data until it consume all node memory .

hashtag
Impact Details

oom , crash

hashtag
References

Add any relevant links to documentation or code

hashtag
Proof of Concept

hashtag
Proof of Concept

as first step to verify the existence of the weakness you can execute curl 127.0.0.1:30731/v1/transactions -XPOST -H "Content-type: application/json" -H "Content-length: 1024102410241024" -v; echo you will see that the server is waiting for data even if the content length is non logical

hashtag
python script to exploit it :

Previous#42011 [BC-High] Duplicate tx IDs in blockchain blocks are possibleNext#42112 [BC-Critical] Using `blob.GetAll` instead of `blob.Get` for Celestia DA opens full nodes to fraudulent block attacks

Was this helpful?