* [bitcoin-dev] Full Disclosure: Denial of Service in STONEWALLx2 (p2p coinjoin)
From: alicexbt @ 2022-07-14 9:25 UTC (permalink / raw)
To: Bitcoin Protocol Discussion
Hi bitcoin-dev list members,
STONEWALLx2[1] is a p2p coinjoin transaction in Samourai wallet. The miner fee is split between both participants of the transaction.
==========================
Problem
==========================
Antoine Riard shared the details of the DoS attack in an [email][2] on 21 June 2022.
Proof of Concept:
1) Download the Samourai APK, create a testnet wallet, get some coins from a faucet and claim a paynym on 2 Android devices. Consider Bob and Carol are using these devices.
2) Bob and Carol follow each other's paynyms. Carol is the attacker in this case and she could make several paynyms.
3) Bob initiates a Stonewallx2 transaction that requires collaboration with Carol.
4) Carol confirms this request in the app.
5) Carol spends the UTXO from a wallet configured in Electrum with the same seed before Bob could complete the last step and broadcast the STONEWALLx2 transaction. It was a non-RBF [transaction][3] with a 1 sat/vbyte fee rate and was unconfirmed during testing.
6) Bob receives an [error][4] in the app when trying to broadcast the STONEWALLx2 transaction, which disappears in a few seconds. The [progress bar][5] appears as if the wallet is still trying to broadcast the transaction until Bob manually goes back or closes the app.
==========================
Solution
==========================
Suggestions:
a) Error message that states collaborator spent her UTXO used in STONEWALLx2, end the p2p coinjoin process, unfollow collaborator's paynym and suggest user to do such transactions with trusted users only for a while.
b) Once full RBF is used by some nodes and miners, attacker's transaction could be replaced with a higher fee rate.
Conclusions by Samourai:
a) As the threat involves the collaborator attacking the spender, we strongly advise that collab spends be done w/ counterparties with which some measure of trust is shared. As such, this does not seem to have an important threat surface.
b) Bumping fee won't be simple as fees are shared 50/50 for STONEWALLx2 spends. Change would have to be recalculated for both spender and collaborator. Collab would either have had already authorized a possible fee bump beforehand or would have to be prompted before broadcast.
==========================
Timeline
==========================
22 June 2022: I emailed Antoine after testing STONEWALLx2
23 June 2022: I shared the details of attack in a confidential issue in Samourai wallet [repository][6]
07 July 2022: TDevD (Samourai) acknowledged the issue and wanted to discuss it internally with team
14 July 2022: TDevD shared the conclusions
==========================
Credits
==========================
Antoine Riard discovered the DoS vector in p2p coinjoin transactions and helped by responding to emails during testing.
[1]: https://docs.samourai.io/spend-tools
[2]: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-June/020595.html
[3]: https://mempool.space/testnet/tx/42db696460a46f196f457779d60acbf46b31accc5414b9eac54b2e785d4c1cbb
[4]: https://i.imgur.com/6uf3VJn.png
[5]: https://i.imgur.com/W6ITl4G.gif
[6]: https://code.samourai.io/wallet/samourai-wallet-android
/dev/fd0
Sent with Proton Mail secure email.
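
Suggestion (a) in the message above, sketched as an added example (not part of the original email and not Samourai's code): check every input of the jointly signed transaction before broadcast, attribute a spent input to its owner, and always end in a terminal state instead of an indefinite progress bar. The `lookup` callable is assumed to behave like Bitcoin Core's `gettxout` with `include_mempool=true`; the class names, owner labels and sample txids are hypothetical.

```python
from dataclasses import dataclass

# Reject reasons Bitcoin Core reports when an input is already spent.
CONFLICT_REASONS = {"txn-mempool-conflict", "bad-txns-inputs-missingorspent"}

@dataclass(frozen=True)
class JointInput:
    owner: str   # "spender" or "collaborator" (hypothetical labels)
    txid: str
    vout: int

@dataclass(frozen=True)
class Outcome:
    state: str             # "broadcast", "aborted_conflict" or "aborted_other"
    message: str
    spent_by: tuple = ()   # owners whose inputs are no longer spendable

def spent_inputs(inputs, lookup):
    """lookup(txid, vout) mirrors gettxout with include_mempool=true:
    it returns None once the output is spent, even by an unconfirmed tx."""
    return [i for i in inputs if lookup(i.txid, i.vout) is None]

def finish_cosigned_spend(inputs, lookup, broadcast) -> Outcome:
    """Always return a terminal state so the UI never spins indefinitely."""
    gone = spent_inputs(inputs, lookup)
    if not gone:
        ok, reason = broadcast()
        if ok:
            return Outcome("broadcast", "transaction accepted")
        if reason not in CONFLICT_REASONS:
            return Outcome("aborted_other", f"broadcast rejected: {reason}")
        # Lost a race: an input was spent between the check and the broadcast.
        gone = spent_inputs(inputs, lookup)
    owners = tuple(sorted({i.owner for i in gone}))
    who = ", ".join(owners) or "unknown party"
    return Outcome("aborted_conflict",
                   f"input already spent by: {who}; ending collaborative spend",
                   owners)

# Constructed sample data: txids are placeholders, not real transactions.
BOB = JointInput("spender", "aa" * 32, 0)
CAROL = JointInput("collaborator", "bb" * 32, 1)

def demo():
    utxos = {(BOB.txid, BOB.vout): {"value": 0.01}}  # Carol's output already spent
    return finish_cosigned_spend([BOB, CAROL],
                                 lambda t, v: utxos.get((t, v)),
                                 lambda: (True, None))
```
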
* Re: [bitcoin-dev] Full Disclosure: Denial of Service in STONEWALLx2 (p2p coinjoin)
From: alicexbt @ 2022-09-10 10:20 UTC (permalink / raw)
To: Bitcoin Protocol Discussion
This has been assigned CVE-2022-35913: https://www.cve.org/CVERecord?id=CVE-2022-35913
/dev/fd0