Was this helpful?
Submitted on Feb 4th 2025 at 16:21:52 UTC by @bountyhunter2048 for
Report ID: #39675
Report Type: Blockchain/DLT
Report severity: Critical
Target: https://github.com/shardeum/shardeum/tree/bugbounty
Impacts:
Direct loss of funds
A vulnerability in the initRewardTX function allows malicious actors to claim rewards without running active validator nodes. The function fails to verify if nominee accounts are active network nodes.
It is confusing that there are unfixed known issues in the tags/bugbounty of the Shardeum validator codebase. It makes security researchers to spend time looking back into known issues whenever a bug is found in the codebase. IMHO, Sharduem should start a new bounty only after previously known bugs are fixed.
Anyway I cannot find this exact bug in the known issues. There is a close known issue in claimRewardTX with the name of "Vulnerability in Reward Claim Process Allows Reward Time Manipulation" in the . However, I think this bug I found is a bit different because the known issue assumes that the node actually went active and served in the network.
However, this bug is in initRewardTX and it basically allows anyone to earn lots of free SHM rewards without really running validators. Well, he just needs one bad validator with the patch file I provided. The bug is that the validate function of initRewardTX never checks if the nominee (node account) is an active node in the network. So, a malicious actor can do the following exploit:
start his bad node and wait until it becomes active
create a wallet and fund it
stake a random nominee using this wallet
visit http://<badNodeIp>:<badNodePort>/init-reward?nominee=<randomNominee>. He can automate this.
Redo step 2, 3 and 4 with different wallet+nominee as many time he can invest (due to staking). He can use the script I provided in the gist.
Wait until his bad node is close to being removed from the network. Actually he can earn more if he has other nodes in the network or wait until his bad node becomes active again after rotated out.
visit http://<badNodeIp>:<badNodePort>/claim-reward?nominee=<randomNominee> for each nominee. He can automate this too.
submit unstake txs for all of his fake nominee and earn rewards without actually running the nodes.
Let's assume he staked 100 fake nodes in a 1280 nodes network and his bad node participated 1280 cycles (assume each node is rotated out per cycle). Assume that Shardeum rewards 1 SHM for an hour of validating. His net profit per node is (1280 - 2 * txFee) = 1279.98 SHM. Total profit will be 127998 SHM and that's a lot of SHM stolen from the network. He can steal more if he can invest more in initial staking or wait longer before doing /claim-reward.
Gist: https://gist.github.com/bountyhunter2048/4d4f6f86eaa6c9af7a48abca8614631c
https://gist.github.com/bountyhunter2048/4d4f6f86eaa6c9af7a48abca8614631c
Please see the patch file I provided in the gist. It simply exposes 2 endpoints of /init-reward and /claim-reward that will inject initRewardTX or claimRewardTX for the given nominee account. Please use the hardhat scripts (from the gist) to automate the stake and unstake txs. I will not do a video demo for this because it is a straightforward exploit but if Shardeum needs it I can demo a video.
Gist: https://gist.github.com/bountyhunter2048/4d4f6f86eaa6c9af7a48abca8614631c
