Active Boosts

#39675 [BC-Critical] Reward Exploitation via Unvalidated Node Status in "initRewardTX"

Submitted on Feb 4th 2025 at 16:21:52 UTC by @bountyhunter2048 for Audit Comp | Shardeum: Core III

  • Report ID: #39675

  • Report Type: Blockchain/DLT

  • Report severity: Critical

  • Target: https://github.com/shardeum/shardeum/tree/bugbounty

  • Impacts:

    • Direct loss of funds

Description

Brief/Intro

A vulnerability in the initRewardTX function allows malicious actors to claim rewards without running active validator nodes. The function fails to verify if nominee accounts are active network nodes.

Vulnerability Details

It is confusing that there are unfixed known issues in the tags/bugbounty of the Shardeum validator codebase. It makes security researchers to spend time looking back into known issues whenever a bug is found in the codebase. IMHO, Sharduem should start a new bounty only after previously known bugs are fixed.

Anyway I cannot find this exact bug in the known issues. There is a close known issue in claimRewardTX with the name of "Vulnerability in Reward Claim Process Allows Reward Time Manipulation" in the Known before pp1.pdf. However, I think this bug I found is a bit different because the known issue assumes that the node actually went active and served in the network.

However, this bug is in initRewardTX and it basically allows anyone to earn lots of free SHM rewards without really running validators. Well, he just needs one bad validator with the patch file I provided. The bug is that the validate function of initRewardTX never checks if the nominee (node account) is an active node in the network. So, a malicious actor can do the following exploit:

  1. start his bad node and wait until it becomes active

  2. create a wallet and fund it

  3. stake a random nominee using this wallet

  4. visit http://<badNodeIp>:<badNodePort>/init-reward?nominee=<randomNominee>. He can automate this.

  5. Redo step 2, 3 and 4 with different wallet+nominee as many time he can invest (due to staking). He can use the script I provided in the gist.

  6. Wait until his bad node is close to being removed from the network. Actually he can earn more if he has other nodes in the network or wait until his bad node becomes active again after rotated out.

  7. visit http://<badNodeIp>:<badNodePort>/claim-reward?nominee=<randomNominee> for each nominee. He can automate this too.

  8. submit unstake txs for all of his fake nominee and earn rewards without actually running the nodes.

Impact Details

Let's assume he staked 100 fake nodes in a 1280 nodes network and his bad node participated 1280 cycles (assume each node is rotated out per cycle). Assume that Shardeum rewards 1 SHM for an hour of validating. His net profit per node is (1280 - 2 * txFee) = 1279.98 SHM. Total profit will be 127998 SHM and that's a lot of SHM stolen from the network. He can steal more if he can invest more in initial staking or wait longer before doing /claim-reward.

References

Gist: https://gist.github.com/bountyhunter2048/4d4f6f86eaa6c9af7a48abca8614631c

Link to Proof of Concept

https://gist.github.com/bountyhunter2048/4d4f6f86eaa6c9af7a48abca8614631c

Proof of Concept

Proof of Concept

Please see the patch file I provided in the gist. It simply exposes 2 endpoints of /init-reward and /claim-reward that will inject initRewardTX or claimRewardTX for the given nominee account. Please use the hardhat scripts (from the gist) to automate the stake and unstake txs. I will not do a video demo for this because it is a straightforward exploit but if Shardeum needs it I can demo a video.

Gist: https://gist.github.com/bountyhunter2048/4d4f6f86eaa6c9af7a48abca8614631c

Previous#39678 [BC-Critical] Bypass certificate signing validation by double counting signatures due to capitalizationNext#39164 [BC-Insight] service point exhaustion

Was this helpful?