From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id D1C6EC002D for ; Thu, 14 Jul 2022 09:26:08 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id AAC97425F0 for ; Thu, 14 Jul 2022 09:26:08 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org AAC97425F0 Authentication-Results: smtp4.osuosl.org; dkim=pass (2048-bit key) header.d=protonmail.com header.i=@protonmail.com header.a=rsa-sha256 header.s=protonmail3 header.b=Fk7e5/F5 X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: 4.94 X-Spam-Level: **** X-Spam-Status: No, score=4.94 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, BITCOIN_IMGUR=2.043, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HOSTED_IMG_MULTI_PUB_01=2.999, PDS_OTHER_BAD_TLD=1.999, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xA6qFKSeLRp0 for ; Thu, 14 Jul 2022 09:26:07 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 60AB84259A Received: from mail-40141.protonmail.ch (mail-40141.protonmail.ch [185.70.40.141]) by smtp4.osuosl.org (Postfix) with ESMTPS id 60AB84259A for ; Thu, 14 Jul 2022 09:26:07 +0000 (UTC) Date: Thu, 14 Jul 2022 09:25:56 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1657790764; x=1658049964; bh=UqI7TATXbkkO5PERlq+LqbLLP7MblVkEgh2kkKPDnRA=; h=Date:To:From:Reply-To:Subject:Message-ID:Feedback-ID:From:To:Cc: Date:Subject:Reply-To:Feedback-ID:Message-ID; b=Fk7e5/F5YnQzPW9mg4J8hc/rMODMVYxyUg8aKM8aqiVXOa8njo0dEiGOlZhauObjb adcCUgiR1/KAko9O6QZhDK1lydPvrT7ZeGmEV2Cv8/BQ4BdG7E48mjNRsqz1AFeQJ/ xiPhxT6BcUf1bbT7imV3NAjrruJn3nOQS+PGnEmQGS97/7gvIe++YZ0R+5sivsQR6x BYV7/KgaQVbXaJ2nMfhleSVGXNuYoZOV7AP2fi0U8W3k5/rByrJXfP4yHLbcM9mu4O 35yYoJVJpeVUGe1NYoxAybE8idGF4VQfNCHjVsxR6ZoU+Ck6BKeCjckYGYZ8cDmSB4 g5k4w9ODGYGRA== To: Bitcoin Protocol Discussion From: alicexbt Reply-To: alicexbt Message-ID: Feedback-ID: 40602938:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Mailman-Approved-At: Thu, 14 Jul 2022 09:31:49 +0000 Subject: [bitcoin-dev] Full Disclosure: Denial of Service in STONEWALLx2 (p2p coinjoin) X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jul 2022 09:26:08 -0000 Hi bitcoin-dev list members, STONEWALLx2[1] is a p2p coinjoin transaction in Samourai wallet. The miner = fee is split between both participants of the transaction. =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D Problem =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D Antoine Riard shared the details of DoS attack in an [email][2] on 21 June = 2022. Proof of Concept: 1) Download Samourai APK, create testnet wallet, get some coins from faucet= and claim a paynym in 2 android devices. Consider Bob and Carol are using = these devices. 2) Bob and Carol follow each other's paynyms. Carol is the attacker in this= case and she could make several paynyms. 3) Bob initiates a Stonewallx2 transaction that requires collaboration with= Carol. 4) Carol confirms this request in the app. 5) Carol spends the UTXO from wallet configured in electrum with same seed = before Bob could complete the last step and broadcast STONEWALLx2 transacti= on. It was non RBF [transaction][3] with 1 sat/vbyte fee rate and was uncon= firmed during testing. 6) Bob receives an [error][4] in the app when trying to broadcast Stonewall= x2 transaction which disappears in a few seconds. The [progress bar][5] app= ears as if wallet is still trying to broadcast the transaction until Bob ma= nually go back or close the app. =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D Solution =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D Suggestions: a) Error message that states collaborator spent her UTXO used in STONEWALLx= 2, end the p2p coinjoin process, unfollow collaborator's paynym and suggest= user to do such transactions with trusted users only for a while. b) Once full RBF is used by some nodes and miners, attacker's transaction c= ould be replaced with a higher fee rate. Conclusions by Samourai: a) As the threat involves the collaborator attacking the spender. We strong= ly advise that collab spends be done w/ counterparties with which some meas= ure of trust is shared. As such, this does not seem to have an important th= reat surface. b) Bumping fee won't be simple as fees are shared 50/50 for STONEWALLx2 spe= nds. Change would have to be recalculated for both spender and collaborator= . Collab would either have had already authorized a possible fee bump befor= ehand or would have to be prompted before broadcast. =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D Timeline =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D 22 June 2022: I emailed Antoine after testing STONEWALLx2 23 June 2022: I shared the details of attack in a confidential issue in Sam= ourai wallet [repository][6] 07 July 2022: TDevD (Samourai) acknowledged the issue and wanted to discuss= it internally with team 14 July 2022: TDevD shared the conclusions =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D Credits =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D Antoine Riard discovered DoS vector in p2p coinjoin transactions and helped= by responding to emails during testing. [1]: https://docs.samourai.io/spend-tools [2]: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-June/0205= 95.html [3]: https://mempool.space/testnet/tx/42db696460a46f196f457779d60acbf46b31a= ccc5414b9eac54b2e785d4c1cbb [4]: https://i.imgur.com/6uf3VJn.png [5]: https://i.imgur.com/W6ITl4G.gif [6]: https://code.samourai.io/wallet/samourai-wallet-android /dev/fd0 Sent with Proton Mail secure email.