Partial Payments: Ripple/Stellar vulnerability

If you are still running a Ripple-connected service and are not aware of tfPartialPayment you need to take immediate action. This also applies to Ripple gatewayd versions v3.23.1 and lower.

On Wednesday October 8th. At 16:22 one of the Justcoin team members reported a massive move of digital money from and to Justcoin. We hit the big red switch immediately and shut down the whole site. We immediately informed both the Stellar Foundation and Ripple Labs. We do not yet know how many exchanges and gateways were attacked or are still vulnerable to the attack. The Stellar Foundation quickly fixed their software.

What is tfPartialPayment?

Unlike Bitcoin and Litecoin, Ripple has a lot of features and many of its features are not implemented or unknown/unused by most developers and users.

Perhaps this is why Ripple/Stellar developers and users did not notice a special transaction flag called tfPartialPayment. It’s poorly documented and not used by any wallet software. It’s like receiving a 100 USD bill with a little note in the corner that says “Actually just worth 1 USD”.

Here’s what a normal transaction looks like:

The amount is denominated in what is called drops, so this is actually a transaction for 22000000 / 1000000 = 22 STR.

Here’s a transaction that is exploiting the tfPartialPayment flag:

Here, the amount in this transaction is for 1000 BTC. But wait, there’s a catch. If you look under meta there’s something called DeliveredAmount. And the delivered amount is only 0.001 BTC. The sender didn’t have 1000 BTC in the first place, he only had 0.001 BTC. In other words, he’s trying to trick the recipient into believing he sent 1000 BTC when in reality they only received 0.001 BTC.

What makes matters more confusing and inconsistent is that the transaction result is still shown as a success even though the amount was not actually sent.

Who and what is affected?

RippleTrade.com was affected until Oct 9th

RippleTrade.com was patched on October 9th

launch.stellar.org will show the wrong amount for partial payments made before Stellar disabled them. I’ve reported the bug. EDIT: Stellar has already fixed the bug

ripple.com/graph does not appear to be fixed

But the most critical application that has been vulnerable is Ripple Labs’ official gateway implementation, gatewayd.

The most depressing thing is that gatewayd was fixed on August 5th, a little over two months ago. At that time, Ripple Labs should have sounded the alarm and informed everyone or disabled partial payments in the network. Neither of the two actions were taken.

UPDATE Oct 12th: We’ve discovered that the issue was reported to Ripple Labs as early as July 21st.

In addition to these, I’m aware that several Ripple and Stellar exchanges are affected and have been attacked.

What has the response been?

The Stellar Foundation has patched their Stellar nodes to permanently remove support for tfPartialPayment. RippleTrade has been patched and several exchanges have been patched.

Conclusion

Gavin Andresen, the chief scientist of the Bitcoin Foundation, has been saying since the beginning of Bitcoin:

Bitcoin is still a work in progress, and you should only risk time or money on it that you can afford to lose.

This week we’ve seen that the warning also applies to the Ripple- and Stellar networks, and probably to every other cryptocurrency network that exists. Even with very talented developers working on these projects and services, the software is still in the BETA-stage. The thing makes this BETA different and scary is that there’s money involved. Therefore cooperation on matters of security is essential for the integrity and growth of this technology.

About the author

Andreas Brekken is the Chief Technology Officer and a co-founder of Justcoin Exchange. Justcoin has supported Ripple payments since April 2013 and was the first exchange add support for Stellar.