From: alicexbt <alicexbt@protonmail.com>
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Full Disclosure: Denial of Service in STONEWALLx2 (p2p coinjoin)
Date: Sat, 10 Sep 2022 10:20:48 +0000 [thread overview]
Message-ID: <uQ5LTbHpJKnhgCIXly1Ft5rq_8HCz4_jkLP2sHrqvjXNrYbrWuCm2MOC4KmQCoPLlC_esQNi38Hman6j2zJYM2xJUq4W_p8lt_-BH1GHmcM=@protonmail.com> (raw)
In-Reply-To: <eCSIPVH6QM3r1n0PGBWr39xv4BSyAWx6q0icycfo4mESnQfNg7NJWRu7wwyoxnR6E9Own_CJxGVufqQhqx1H4JyAQil3MUUkdI_kUC5bmVg=@protonmail.com>
This has been assigned CVE-2022-35913: https://www.cve.org/CVERecord?id=CVE-2022-35913
/dev/fd0
Sent with Proton Mail secure email.
------- Original Message -------
On Thursday, July 14th, 2022 at 9:25 AM, alicexbt via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
> Hi bitcoin-dev list members,
>
>
> STONEWALLx2[1] is a p2p coinjoin transaction in Samourai wallet. The miner fee is split between both participants of the transaction.
>
>
> ==========================
> Problem
> ==========================
>
> Antoine Riard shared the details of DoS attack in an [email][2] on 21 June 2022.
>
> Proof of Concept:
>
> 1) Download Samourai APK, create testnet wallet, get some coins from faucet and claim a paynym in 2 android devices. Consider Bob and Carol are using these devices.
>
> 2) Bob and Carol follow each other's paynyms. Carol is the attacker in this case and she could make several paynyms.
>
> 3) Bob initiates a Stonewallx2 transaction that requires collaboration with Carol.
>
> 4) Carol confirms this request in the app.
>
> 5) Carol spends the UTXO from wallet configured in electrum with same seed before Bob could complete the last step and broadcast STONEWALLx2 transaction. It was non RBF [transaction][3] with 1 sat/vbyte fee rate and was unconfirmed during testing.
>
> 6) Bob receives an [error][4] in the app when trying to broadcast Stonewallx2 transaction which disappears in a few seconds. The [progress bar][5] appears as if wallet is still trying to broadcast the transaction until Bob manually go back or close the app.
>
>
> ==========================
> Solution
> ==========================
>
> Suggestions:
>
> a) Error message that states collaborator spent her UTXO used in STONEWALLx2, end the p2p coinjoin process, unfollow collaborator's paynym and suggest user to do such transactions with trusted users only for a while.
>
> b) Once full RBF is used by some nodes and miners, attacker's transaction could be replaced with a higher fee rate.
>
> Conclusions by Samourai:
>
> a) As the threat involves the collaborator attacking the spender. We strongly advise that collab spends be done w/ counterparties with which some measure of trust is shared. As such, this does not seem to have an important threat surface.
>
> b) Bumping fee won't be simple as fees are shared 50/50 for STONEWALLx2 spends. Change would have to be recalculated for both spender and collaborator. Collab would either have had already authorized a possible fee bump beforehand or would have to be prompted before broadcast.
>
>
> ==========================
> Timeline
> ==========================
>
> 22 June 2022: I emailed Antoine after testing STONEWALLx2
>
> 23 June 2022: I shared the details of attack in a confidential issue in Samourai wallet [repository][6]
>
> 07 July 2022: TDevD (Samourai) acknowledged the issue and wanted to discuss it internally with team
>
> 14 July 2022: TDevD shared the conclusions
>
>
> ==========================
> Credits
> ==========================
>
> Antoine Riard discovered DoS vector in p2p coinjoin transactions and helped by responding to emails during testing.
>
>
> [1]: https://docs.samourai.io/spend-tools
> [2]: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-June/020595.html
> [3]: https://mempool.space/testnet/tx/42db696460a46f196f457779d60acbf46b31accc5414b9eac54b2e785d4c1cbb
> [4]: https://i.imgur.com/6uf3VJn.png
> [5]: https://i.imgur.com/W6ITl4G.gif
> [6]: https://code.samourai.io/wallet/samourai-wallet-android
>
>
> /dev/fd0
>
>
> Sent with Proton Mail secure email.
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
prev parent reply other threads:[~2022-09-10 10:20 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-14 9:25 [bitcoin-dev] Full Disclosure: Denial of Service in STONEWALLx2 (p2p coinjoin) alicexbt
2022-09-10 10:20 ` alicexbt [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='uQ5LTbHpJKnhgCIXly1Ft5rq_8HCz4_jkLP2sHrqvjXNrYbrWuCm2MOC4KmQCoPLlC_esQNi38Hman6j2zJYM2xJUq4W_p8lt_-BH1GHmcM=@protonmail.com' \
--to=alicexbt@protonmail.com \
--cc=bitcoin-dev@lists.linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox