Stacks I Attackathon

#37861 [BC-Critical] SBTC Signer WSTS implementation allows nonce replays such that a malicious signer can steal all funds

#38458 [BC-Critical] The coordinator can submit empty BTC transactions to drain BTC tokens in the multi-sign wallet

#37718 [BC-High] Key rotations bricks the system due to incorrect `aggregate_key` being used to spend the `peg UTXO` when signing a sweep transaction

#37811 [BC-High] Missing length check when parsing `SignatureShareRequest` in the signers allows the coordinator to halt other signers, shutting down the network

#37814 [BC-High] Signers can crash other signers by sending an invalid `DkgPrivateShares` due to missing check before passing the payload to `SignerStateMachine::process`

#38582 [BC-High] The `BitcoinCoreClient::get_tx_info` does not support coinbase transactions, which may cause sBTC to be attacked by btc miners or sBTC donations to be lost

#38392 [BC-High] Signer can steal STX tokens in multi-sign wallet by setting a high stacks tx fee

#38740 [BC-High] The missing check in Deposits::DepositScriptInputs::parse() permits losing funds by sending them to an invalid principal

#38053 [BC-High] A single signer can continuously prevent signatures from being finalized, halting network operations

#38477 [BC-High] A single signer can abort every attempted signing round by providing an invalid packet once the coordinator requests signature shares

#38111 [BC-High] Attackers can send a very large event in a Stacks block so that the Signer can never get the Stacks event

#38398 [BC-High] Malicious Signers can initiate repeated contract calls to cause the multi-sign wallet to lose tx fee

#37479 [BC-High] A single signer can lock users' funds by not notifying other signers of the executed `sweep` transaction

#38516 [BC-High] Signer can censor transactions and halt the network by providing an invalid nonce or too many nonces

#37777 [BC-Medium] `Emily.create_deposit` can overwrite any deposit to the Pending state

#38133 [BC-Medium] A rogue Signer can censor any deposit request from being processed and fullfilled on the Stacks blockchain

#37384 [BC-Medium] Attacker can front-run call to emily api with incorrect data, preventing legit user from registering their deposit

#38551 [BC-Medium] A signer can request stacks tx nonces in batches in advance and then DoS other signers' sBTC contract calls

#37470 [BC-Medium] SBTC Signers do not page through pending deposit requests making it trivially easy to block legit deposits by spamming Emily API

#38270 [BC-Medium] A signer can send a large number of junk `WstsNetMessage::NonceRequest` through P2P to make other signers run out of memory

#38003 [BC-Medium] A malicious coordinator calling `Emily::update_deposits` can make the entire Signers network inoperable

#37545 [BC-Medium] Deposits with a lock_time of 16 cannot be processed

#38605 [BC-Low] Lack of fee_rate/last_fees validation in handle_bitcoin_pre_sign_request ebables rogue signer to cause financial loss to depositors

#38028 [BC-Low] There is a Partial Network Degradation Due to DynamoDB GSI Throttling Under High Traffic

#38460 [BC-Low] The coordinator can set a higher BTC tx fee than the current network to make users to pay more fees to the BTC miner

#37500 [BC-Low] Blocklist can be circumvented due to incorrect blocking logic in `request_decider::can_accept_deposit_request`

#38671 [BC-Insight] Signer key rotation is not possible due to deadlock between submitting key rotation to Stacks and retrieving it

#38030 [BC-Insight] Coordinator can be crashed by signers on DKG

#38223 [BC-Insight] Attackers can disrupt the tag order of gossip messages to bypass signature verification

#38690 [BC-Insight] A malicious coordinator can run multiple DKG coordination in parallel and manipulate their order to break the signers network

#38160 [BC-Insight] Governance calling `sbtc-registry.update-protocol-contract` may cause Stacks' events to be ignored by the signer

#37530 [BC-Insight] Deposits can be completely DoSed due to incorrect transaction construction

#37718 [BC-High] Key rotations bricks the system due to incorrect `aggregate_key` being used to spend the `peg UTXO` when signing a sweep transaction

#37777 [BC-Medium] `Emily.create_deposit` can overwrite any deposit to the Pending state

#37811 [BC-High] Missing length check when parsing `SignatureShareRequest` in the signers allows the coordinator to halt other signers, shutting down the network

#37814 [BC-High] Signers can crash other signers by sending an invalid `DkgPrivateShares` due to missing check before passing the payload to `SignerStateMachine::process`

#38582 [BC-High] The `BitcoinCoreClient::get_tx_info` does not support coinbase transactions, which may cause sBTC to be attacked by btc miners or sBTC donations to be lost

#38605 [BC-Low] Lack of fee_rate/last_fees validation in handle_bitcoin_pre_sign_request ebables rogue signer to cause financial loss to depositors

#37861 [BC-Critical] SBTC Signer WSTS implementation allows nonce replays such that a malicious signer can steal all funds

#38392 [BC-High] Signer can steal STX tokens in multi-sign wallet by setting a high stacks tx fee

#38671 [BC-Insight] Signer key rotation is not possible due to deadlock between submitting key rotation to Stacks and retrieving it

#38458 [BC-Critical] The coordinator can submit empty BTC transactions to drain BTC tokens in the multi-sign wallet

#38028 [BC-Low] There is a Partial Network Degradation Due to DynamoDB GSI Throttling Under High Traffic

#38030 [BC-Insight] Coordinator can be crashed by signers on DKG

#38740 [BC-High] The missing check in Deposits::DepositScriptInputs::parse() permits losing funds by sending them to an invalid principal

#38053 [BC-High] A single signer can continuously prevent signatures from being finalized, halting network operations

#38133 [BC-Medium] A rogue Signer can censor any deposit request from being processed and fullfilled on the Stacks blockchain

#37384 [BC-Medium] Attacker can front-run call to emily api with incorrect data, preventing legit user from registering their deposit

#38460 [BC-Low] The coordinator can set a higher BTC tx fee than the current network to make users to pay more fees to the BTC miner

#38477 [BC-High] A single signer can abort every attempted signing round by providing an invalid packet once the coordinator requests signature shares

#38111 [BC-High] Attackers can send a very large event in a Stacks block so that the Signer can never get the Stacks event

#38551 [BC-Medium] A signer can request stacks tx nonces in batches in advance and then DoS other signers' sBTC contract calls

#37470 [BC-Medium] SBTC Signers do not page through pending deposit requests making it trivially easy to block legit deposits by spamming Emily API

#38223 [BC-Insight] Attackers can disrupt the tag order of gossip messages to bypass signature verification

#38270 [BC-Medium] A signer can send a large number of junk `WstsNetMessage::NonceRequest` through P2P to make other signers run out of memory

#38690 [BC-Insight] A malicious coordinator can run multiple DKG coordination in parallel and manipulate their order to break the signers network

#37500 [BC-Low] Blocklist can be circumvented due to incorrect blocking logic in `request_decider::can_accept_deposit_request`

#38160 [BC-Insight] Governance calling `sbtc-registry.update-protocol-contract` may cause Stacks' events to be ignored by the signer

#37530 [BC-Insight] Deposits can be completely DoSed due to incorrect transaction construction

#38398 [BC-High] Malicious Signers can initiate repeated contract calls to cause the multi-sign wallet to lose tx fee

#37479 [BC-High] A single signer can lock users' funds by not notifying other signers of the executed `sweep` transaction

#38003 [BC-Medium] A malicious coordinator calling `Emily::update_deposits` can make the entire Signers network inoperable

#37545 [BC-Medium] Deposits with a lock_time of 16 cannot be processed

#38516 [BC-High] Signer can censor transactions and halt the network by providing an invalid nonce or too many nonces