
fix(security): close DDoS vulnerability in eth tx consistency strategy


Description

The application performs some repetitive tasks in a loop and defines the number of times to perform the loop according to user input. A very high value could cause the application to get stuck in the loop and to be unable to continue to other operations.

Affected files are all the eth flavored connector plugins that have the consistencyStrategy request parameter when executing transactions.

  • packages/cactus-plugin-ledger-connector-besu/src/main/typescript/plugin-ledger-connector-besu.ts
  • packages/cactus-plugin-ledger-connector-xdai/src/main/typescript/plugin-ledger-connector-xdai.ts
  • packages/cactus-plugin-ledger-connector-quorum/src/main/typescript/plugin-ledger-connector-quorum.ts

    do {
      tries++;
      // Give up once the overall timeout has elapsed.
      timedOut = Date.now() >= startedAt.getTime() + timeoutMs;
      if (timedOut) {
        break;
      }

      // No receipt yet: re-evaluate the loop condition and poll again.
      txReceipt = await this.web3.eth.getTransactionReceipt(txHash);
      if (!txReceipt) {
        continue;
      }

      const latestBlockNo = await this.web3.eth.getBlockNumber();
      confirmationCount = latestBlockNo - txReceipt.blockNumber;
      // The loop bound comes straight from the user-supplied consistencyStrategy.
    } while (confirmationCount >= consistencyStrategy.blockConfirmations);

Impact

An attacker could input a very high value, potentially causing a denial of service (DoS).

Remediation Recommendation

Don’t base a loop on loosely validated user-provided data. The range should be limited. Always include a maximum value for each user input in the openapi.json specs.

Change the maximum for allowed block count to 20 thousand (a little over what the ethereum main net confirms in a 72 hour period according to the latest statistics at time of this writing: https://ycharts.com/indicators/ethereum_blocks_per_day).

Breaking Change Discussion

Fixing this will be a breaking change, because previously valid requests will now get rejected by the API server. An argument could be made that it’s only a breaking change for those who were previously sending malicious requests and for no one else and therefore it is not really a breaking change even though it technically is.

@izuru0 @takeutak @jagpreetsinghsasan Please weigh in on the question presented in Breaking Change Discussion
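The following is an added example, not code from the Cactus connector plugins, showing the remediation above in TypeScript: the consistencyStrategy parameters are range-checked at the API boundary (what a minimum/maximum constraint in openapi.json enforces), and the receipt-polling loop exits on whichever comes first, the confirmation target or the timeout. It assumes a ChainReader interface standing in for the two web3.eth calls the original loop makes; the 20000 cap is the one proposed in the issue, while MAX_TIMEOUT_MS is a value chosen here for illustration.

```typescript
// Added example (not Hyperledger Cactus code): bounds-check the
// consistencyStrategy request parameters before they drive any loop,
// and make the receipt-polling loop exit on the confirmation target
// or the timeout, whichever comes first.
// Assumptions: ChainReader stands in for web3.eth.getTransactionReceipt
// and web3.eth.getBlockNumber; MAX_TIMEOUT_MS is chosen here, not in the issue.

export const MAX_BLOCK_CONFIRMATIONS = 20000; // the cap proposed in the issue
export const MAX_TIMEOUT_MS = 24 * 60 * 60 * 1000; // assumption: one day

export interface ConsistencyStrategy {
  blockConfirmations: number;
  timeoutMs: number;
}

export interface TxReceipt {
  blockNumber: number;
}

export interface ChainReader {
  getTransactionReceipt(txHash: string): Promise<TxReceipt | null>;
  getBlockNumber(): Promise<number>;
}

export class InvalidRequestError extends Error {}

// What a `minimum`/`maximum` constraint in openapi.json enforces at the
// API boundary: reject non-integers and out-of-range values before any
// work is scheduled on their behalf.
export function validateConsistencyStrategy(input: unknown): ConsistencyStrategy {
  if (typeof input !== "object" || input === null) {
    throw new InvalidRequestError("consistencyStrategy must be an object");
  }
  const { blockConfirmations, timeoutMs } = input as Record<string, unknown>;
  if (
    typeof blockConfirmations !== "number" ||
    !Number.isInteger(blockConfirmations) ||
    blockConfirmations < 0 ||
    blockConfirmations > MAX_BLOCK_CONFIRMATIONS
  ) {
    throw new InvalidRequestError(
      `blockConfirmations must be an integer in [0, ${MAX_BLOCK_CONFIRMATIONS}]`,
    );
  }
  if (
    typeof timeoutMs !== "number" ||
    !Number.isInteger(timeoutMs) ||
    timeoutMs < 1 ||
    timeoutMs > MAX_TIMEOUT_MS
  ) {
    throw new InvalidRequestError(`timeoutMs must be an integer in [1, ${MAX_TIMEOUT_MS}]`);
  }
  return { blockConfirmations, timeoutMs };
}

export interface WaitResult {
  receipt: TxReceipt | null;
  confirmations: number;
  tries: number;
  timedOut: boolean;
}

// Polls for the receipt until it has `blockConfirmations` confirmations or
// `timeoutMs` elapses. `now` and `pollIntervalMs` are injectable so the loop
// can be exercised with a fake clock and no real sleeping.
export async function waitForConfirmations(
  chain: ChainReader,
  txHash: string,
  strategy: ConsistencyStrategy,
  now: () => number = Date.now,
  pollIntervalMs = 1000,
): Promise<WaitResult> {
  const startedAt = now();
  let tries = 0;
  let receipt: TxReceipt | null = null;
  let confirmations = 0;
  let timedOut = false;

  for (;;) {
    tries++;
    if (now() >= startedAt + strategy.timeoutMs) {
      timedOut = true; // the timeout bounds the loop even at the maximum allowed target
      break;
    }
    receipt = await chain.getTransactionReceipt(txHash);
    if (receipt) {
      const latestBlockNo = await chain.getBlockNumber();
      confirmations = latestBlockNo - receipt.blockNumber;
      if (confirmations >= strategy.blockConfirmations) {
        break; // target reached
      }
    }
    if (pollIntervalMs > 0) {
      await new Promise((resolve) => setTimeout(resolve, pollIntervalMs));
    }
  }
  return { receipt, confirmations, tries, timedOut };
}
```

Validation rejects strings, floats and anything above the cap with a 400-class error before the connector touches the ledger, so the worst case a single request can cost is bounded by timeoutMs rather than by whatever number the caller supplied.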


Top GitHub Comments

1 reaction
jagpreetsinghsasan commented, May 11, 2022

Thanks @petermetz for the descriptive reasoning. And I agree 100% with the fact that layering the security measures is the best way out.

1 reaction
petermetz commented, May 10, 2022

Can we fix it by having a specified time delay in-between requests instead of limiting the range?

@jagpreetsinghsasan A rate-limiter would be a partial solution because it can be defeated. For example, if it rate limits based on IP address then one can use a set of proxies to avoid it entirely. With that said, everything else is also just a partial solution because nothing eliminates the possibility of DoS completely. It is a cat and mouse game that has to be played forever.

Layering defenses is almost always a good idea, so IMO the strongest protection would be to do both.
