#39103 [BC-Insight] Unchecked data size in "getStakeTxBlobFromEVMTx()" can use lots of CPU resources
Submitted on Jan 22nd 2025 at 09:39:16 UTC by @bountyhunter2048 for
Report ID: #39103
Report Type: Blockchain/DLT
Report severity: Insight
Target: https://github.com/shardeum/shardeum/tree/bugbounty
Impacts:
Increasing network processing node resource consumption by at least 30% without brute force actions, compared to the preceding 24 hours
Shardeum embeds staking information in the data field of an Ethereum transaction, but it never checks the size of that field and parses whatever data is attached.
The parsing of the staking info, const stakeTxString = toAscii(bytesToHex(transaction.data)),
never checks the size of transaction.data. Because the conversion walks every byte of the data field before any validation happens, the CPU cost grows linearly with the size of the injected payload.
This allows an attacker to inject huge stake txs at a constant 5 TPS and causes nodes to spend a lot of CPU on the parsing.
If the attacker uses a powerful machine or runs the script from several machines, he can maintain this attack without any time limit, and it costs him nothing because these bad txs are destined to fail (due to the bad data field).
The attack is less dangerous if the attacker uses a single weak machine and cannot keep injecting at least 5 TPS.
Here is the vulnerable function: https://github.com/shardeum/shardeum/blob/bugbounty/src/index.ts#L839
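The following is an added example, not code from the Shardeum repository or from the report's author. It places the unchecked pattern the report describes (hex-then-ASCII conversion of the whole data field, then a parse) next to a hardened version that rejects on the raw byte length before doing any work. The names getStakeTxBlobUnchecked and getStakeTxBlobHardened, the MAX_STAKE_DATA_BYTES cap of 1024 bytes, the JSON shape of the stake blob and the sample inputs are all assumptions made for the illustration; the real blob format and a safe cap must be taken from the project.

```typescript
// Added example (not Shardeum's code): the missing size check from the report,
// shown beside the unchecked pattern. Assumptions (not from the page): the stake
// blob is ASCII JSON with the fields below, and 1024 bytes is a generous cap.

const MAX_STAKE_DATA_BYTES = 1024; // assumed cap; size it to the largest legitimate blob

interface StakeBlob {
  isInternalTx: boolean;
  internalTXType: number;
  nominee: string;
  nominator: string;
  stake: string;
}

// Minimal stand-ins for the helpers the report quotes (not the project's own).
function bytesToHex(bytes: Uint8Array): string {
  let hex = "";
  for (let i = 0; i < bytes.length; i++) {
    const h = bytes[i].toString(16);
    hex += h.length === 1 ? "0" + h : h;
  }
  return hex;
}

function toAscii(hex: string): string {
  let out = "";
  for (let i = 0; i < hex.length; i += 2) {
    out += String.fromCharCode(parseInt(hex.slice(i, i + 2), 16));
  }
  return out;
}

// Unchecked pattern: converts and parses whatever is in tx.data, however large.
// Every byte is touched twice (hex encode, then ASCII decode) before JSON.parse
// gets a chance to reject the payload.
function getStakeTxBlobUnchecked(data: Uint8Array): StakeBlob | null {
  const stakeTxString = toAscii(bytesToHex(data));
  try {
    return JSON.parse(stakeTxString) as StakeBlob;
  } catch {
    return null;
  }
}

// Hardened form: reject on the raw byte length first, so an oversized payload
// costs one comparison instead of an O(n) conversion, then validate the shape
// so well-formed JSON with the wrong fields is refused as well.
function getStakeTxBlobHardened(data: Uint8Array): StakeBlob | null {
  if (data.length === 0 || data.length > MAX_STAKE_DATA_BYTES) return null;
  const stakeTxString = toAscii(bytesToHex(data));
  let parsed: unknown;
  try {
    parsed = JSON.parse(stakeTxString);
  } catch {
    return null;
  }
  if (typeof parsed !== "object" || parsed === null) return null;
  const p = parsed as Record<string, unknown>;
  if (
    p.isInternalTx !== true ||
    typeof p.internalTXType !== "number" ||
    typeof p.nominee !== "string" ||
    typeof p.nominator !== "string" ||
    typeof p.stake !== "string"
  ) {
    return null;
  }
  return p as unknown as StakeBlob;
}

// Constructed sample inputs (not real network data).
function encodeAscii(s: string): Uint8Array {
  const out = new Uint8Array(s.length);
  for (let i = 0; i < s.length; i++) out[i] = s.charCodeAt(i) & 0x7f;
  return out;
}

const legitimateStake = encodeAscii(JSON.stringify({
  isInternalTx: true,
  internalTXType: 6,
  nominee: "0x" + "11".repeat(32),
  nominator: "0x" + "22".repeat(20),
  stake: "10000000000000000000",
}));

// A 1 MiB payload of the kind the report describes: it can never parse, but the
// unchecked path still converts every byte before finding that out.
const oversizedStake = encodeAscii("{" + "A".repeat(1024 * 1024));

function demo() {
  const t0 = Date.now();
  const unchecked = getStakeTxBlobUnchecked(oversizedStake);
  const uncheckedMs = Date.now() - t0;
  const t1 = Date.now();
  const hardened = getStakeTxBlobHardened(oversizedStake);
  const hardenedMs = Date.now() - t1;
  const legit = getStakeTxBlobHardened(legitimateStake);
  return { unchecked, hardened, uncheckedMs, hardenedMs, legit };
}
```

The length check belongs before the conversion, not after JSON.parse, because the conversion itself is the CPU cost the report is about; a cap on the raw data length bounds the work an unfunded, failing transaction can force on a node.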
A significant increase in CPU usage is shown in the demo video. https://youtu.be/7ZHzl-_GxQc
Attack script: https://gist.github.com/bountyhunter2048/47a63a2566fb4600e900c0a2be442246
Demo attack: https://youtu.be/7ZHzl-_GxQc
This simple script creates a huge stake tx and injects it repeatedly into the network. The CPU usage of the nodes goes up a lot, and the attacker can run it free of charge. Please see the demo video for details.