This article was first published on Stories by Qtum on Medium
A group of researchers in the Decentralized Systems Lab at UIUC discovered “a series of resource exhaustion vulnerabilities” that affect numerous proof-of-stake networks, including Qtum.
To be clear, no funds were ever at risk. The attack illustrated by the team is a type of denial-of-service (DoS) attack that can only be run against a single node at a time.
Nonetheless, we have been in touch with these researchers for several months through the team’s responsible disclosure of the bug. We appreciate the Decentralized Systems Lab’s research and the way they made us aware of the issue, so that we could fix it before it was made public over the past week.
The researchers presented two types of attacks:
- “No Stake” — header spam attack
- “Spent stake” — full blocks spam (not possible on Qtum)
As stated in the original article, only the “No Stake” vulnerability affected Qtum; however, we have already mitigated the risks of an attack from this vector in our 0.16.2 release.
The “No Stake” attack consisted of two similar but distinct attack vectors: the first could cause a peer to run out of memory, and the second could cause it to run out of disk space.
The first of these attack vectors was caused by insufficient validation before storing headers in memory. A potential attacker could therefore cause peers to run out of memory by flooding them with invalid headers. This was possible because Qtum inherits Bitcoin’s headers-first feature, which was introduced in version 0.10.0 of Bitcoin. In Bitcoin, the header’s proof-of-work (PoW) is validated before the header is stored in memory. However, there is no PoW in Qtum’s proof-of-stake (PoS) protocol, and the PoS in Qtum can only be fully validated once the full block is received since ...
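The validation gate described above, as an added example (not code from Qtum or Bitcoin Core): a toy header index that stores a Bitcoin-format 80-byte header only after its PoW check passes, next to the case where no check is possible on arrival and memory is bounded by a per-peer budget instead. The budget, the easy `POW_LIMIT_BITS` target, the sample header fields and all names are assumptions for illustration; the page does not say how 0.16.2 mitigated the issue.

```python
import hashlib
import struct
from collections import Counter

POW_LIMIT_BITS = 0x207FFFFF  # constructed easy limit so the sample mines instantly

def compact_to_target(bits):  # decode compact nBits into the 256-bit target
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))

def header_hash(header):
    return hashlib.sha256(hashlib.sha256(header).digest()).digest()

def header_pow_ok(header):  # stateless: needs only the 80 header bytes
    if len(header) != 80:
        return False
    target = compact_to_target(struct.unpack_from("<I", header, 72)[0])
    if target == 0 or target > compact_to_target(POW_LIMIT_BITS):
        return False  # claimed difficulty is easier than the limit allows
    return int.from_bytes(header_hash(header), "little") <= target

def build_header(prev_hash, nonce, bits=POW_LIMIT_BITS):  # constructed sample
    # Fields: version, prev hash, merkle root, time, bits, nonce (80 bytes)
    return struct.pack("<I32s32sIII", 1, prev_hash, b"\x11" * 32, 1546300800, bits, nonce)

def mine_header(prev_hash):
    nonce = 0
    while not header_pow_ok(build_header(prev_hash, nonce)):
        nonce += 1
    return build_header(prev_hash, nonce)

class HeaderIndex:
    """check_pow=True stores a header only after the PoW check passes. With
    check_pow=False, peer_budget (hypothetical) caps what one peer can store."""
    def __init__(self, check_pow, peer_budget=None):
        self.check_pow, self.peer_budget = check_pow, peer_budget
        self.headers, self.per_peer = {}, Counter()

    def accept(self, peer, header):
        if self.check_pow and not header_pow_ok(header):
            return False  # rejected before any memory is committed
        if self.peer_budget is not None and self.per_peer[peer] >= self.peer_budget:
            return False  # peer has used its share of unvalidated headers
        key = header_hash(header)
        if key not in self.headers:
            self.headers[key] = header
            self.per_peer[peer] += 1
        return True
```

A real PoW node additionally checks that the header's `nBits` matches the difficulty expected at that height; this sketch only enforces the upper limit.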