#42648 [BC-High] Altering the application_priority to fill a block, temporary freezing user transactions

Submitted on Mar 25th 2025 at 07:32:08 UTC by @Capybara for Attackathon | Movement Labs

• Report ID: #42648

• Report Type: Blockchain/DLT

• Report severity: High

• Target: https://github.com/immunefi-team/attackathon-movement/tree/main/networks/movement/movement-full-node

• Impacts:

  • Temporary freezing of network transactions by delaying one block by 500% or more of the average block time of the preceding 24 hours beyond standard difficulty adjustments

Description

Summary

A malicious node can alter the application_priority of a valid transaction to make the sequencer build and sequence to other nodes a block filled with transactions that can't be executed, temporarily freezing other network transactions by delaying them.

Details

The application_priority is one of the values used to generate the key for storing a transaction in the mempool:

fn construct_mempool_transaction_key(transaction: &MempoolTransaction) -> Result<String, Error> {
	// Pre-allocate a string with the required capacity
	let mut key = String::with_capacity(32 + 1 + 32 + 1 + 32 + 1 + 32);
	// Write key components. The numbers are zero-padded to 32 characters.
	key.write_fmt(format_args!(
		"{:032}:{:032}:{:032}:{}",
		transaction.transaction.application_priority(),
		transaction.timestamp,
		transaction.transaction.sequence_number(),
		transaction.transaction.id(),
	))
	.map_err(|_| Error::msg("Error writing mempool transaction key"))?;
	Ok(key)
}

https://github.com/immunefi-team/attackathon-movement/blob/a2790c6ac17b7cf02a69aea172c2b38d2be8ce00/protocol-units/mempool/move-rocks/src/lib.rs#L23-L36

The application_priority is not signed by the user submitting the transaction; instead, the node controls its value.

The attack vector becomes possible when a node can freely control any values used to generate a key to store a transaction in the mempool.

When writing a batch of transactions using batch_write(...), the algorithm:

• Checks if the transaction ID is already in the pool

• If the transaction is not in the pool, it generates a key using the malleable application_priority parameter

• Adds the transaction to an atomic write, but the atomic write is not yet executed.

• If the same transaction id is encountered in the loop, it "should" generate the same key, so instead of inserting a new atomic write it overrides the previous one.

Unfortunately, as one of the parameters used to generate the keys are unsigned and can be controlled by the node, it is possible to batch_write the same transaction multiple times but with a different value for application_priority.

As a result, a different key is generated every time, resulting in the same transaction filling all block spots.

When the block is produced, filled with the same transaction multiple times, and sequenced to other nodes, only 1 of these transactions will be executed, and others will error. However, the malicious node could delay all other user transactions when he fills a block with only one.

Impact

Temporarily freezing other network transactions by delaying them.

Proof of Concept

Proof of Concept

Add the following test to /attackathon-movement/protocol-units/da/movement/protocol/tests/src/test/e2e/raw/sequencer.rs

It takes 1 valid user transaction, and generates 3_000 clones with a different application_priority each.

The sequencer will create blocks with all 3_000 transactions, then sequence them to the nodes, and only 1 will be executed.