“Fake Stake” Vulnerabilities Resolved
Navcoin Core have successfully resolved the “Fake Stake” resource exhaustion vulnerabilities as described by Andrew Miller and his team of students based out of the University of Illinois.
On the 22nd of September 2018 Navcoin Core were notified of a resource exhaustion vulnerability which was present in Navcoin and several other Proof of Stake cryptocurrencies. The vulnerability was discovered by Andrew Miller, Researcher and Assistant Professor of Electrical & Computer Engineering at the University of Illinois.
Professor Miller provided Navcoin Core with detailed information about the vulnerability and a test suite demonstrating the vulnerability.
In Professor Millers words, the resource exhaustion vulnerability can be described as:
“An attacker that connects to a victim node as a peer can send invalid blocks and/or headers, which are stored in RAM or on disk without being validated. The consequence is that an attacker can connect to a victim node and fill its disk or RAM, until the node crashes or slows.”
The attack risk is considered high because there is virtually no cost to executing this type of attack.
“The attack is easy to carry out, since it does not actually require the attacker to make valid stake transactions. It can be made faster by making multiple socket connections to the victim. In our benchmarks targeting our own node running on the testnet of one affected currency, we were able to fill RAM at the rate of 2MB per second, and disk at a rate of 6MB per second.”
While this type of attack doesn’t target user funds directly, it makes it possible to crash staking nodes reducing the overall network weight and making a 51% attack more plausible.
Professor Miller advised Navcoin Core of the timeline for public disclosure of what he had discovered, giving Navcoin Core and the other affected cryptocurrency engineers the opportunity to implement fixes prior to the publishing of his findings.
Navcoin Core experimented with various mitigation strategies since there was no definitive fix immediately found by Professor Miller or any of the other affected dev teams. After trialling a few different approaches we decided to go with the mitigation which was designed by the Qtum team.
This mitigation involves detecting when a node is spamming headers and then refusing to accept more headers from the misbehaving node. The mitigation was proven as successful by running the tests originally provided by Professor Miller against the updated Navcoin Core daemon and confirming the amount of headers received from the spamming node were significantly reduced.
The mitigation can be found in Pull Request #335 which was merged into Navcoin Core’s master branch on 7 December 2018. This means the mitigation was included in Navcoin Core 4.5.0 on 13 December 2018 and the resource exhaustion vulnerability has been effectively patched since this date.
Since the mitigation only affects the peer to peer layer of the network, no changes to the consensus mechanism were necessary.
Professor Miller has now publicly disclosed the vulnerability and his article on Medium which is why we’re making this public statement today.
You can see in the chart at the end of the article that Navcoin is one of only a handful of notified coins which have fixed the vulnerability.
We would like to thank Professor Miller for his research and for responsibly disclosing this vulnerability to all affected parties, the affected parties for working together to find a solution and everyone involved for not attempting to use the information maliciously in any way.
We would also like to acknowledge Navcoin Core’s adherence to the Navcoin Core Developer Manifesto by not using this information to participate in hostile actions (1.1.5) and to handle critical live bugs with discretion until a patch is available (1.4.5).
We hope that you can understand the need to handle this vulnerability with discretion even after it was patched on the Navcoin network to provide all projects with ample opportunity to resolve the issue without experiencing network disruptions.
A vulnerability was found in Proof of Stake which if exploited would crash nodes on the network which increases the plausibility of performing a 51% attack. The vulnerability was privately disclosed to Navcoin Core and other affected parties last year. The vulnerability has already been resolved in Navcoin Core 4.5.0 and above. The researcher who discovered the vulnerability has made his findings public, so we are now able to inform the wider Navcoin Community about the vulnerability and reassure everyone that the Navcoin network is already protected from this type of attack.