Exchange Denial of Service in Monero

Ryo Cryptocurrency
Mar 12, 2019 · 2 min read


While discussing the previous Monero vulnerability, I confused the issues (they are both related to the fact that the encrypted amount and commitment are separate entities in RingCTs) and accidentally disclosed this one [1]. The Monero team has had over a week now to examine the source code and, surprisingly, they have not asked us for any details about the bug.

Description of the issue

The wallet does not perform sufficient error handling when it encounters an invalid encrypted amount. The RCT library correctly throws an exception, but the exception is caught and the returned amount is set to zero.

While there is nothing inherently wrong with this behaviour, the wallet will attempt to use zero-sized sums when constructing transactions. This will cause the verification of such a transaction to fail.

The overall impact of the bug is that a publicly known wallet address, such as that of an exchange, can be put out of action by sending it many small transactions with invalid encrypted amounts.

This outage is not terminal, and a rescan with a fixed wallet will enable the valid outputs to be used.

The recommended fix, which we implemented in Ryo, is to ignore zero amounts altogether.
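The failure mode and the fix can be seen in a small model. This is an added example, not Monero or Ryo source code: every name in it is hypothetical, the `well_formed` flag stands in for the real amount/commitment check, and the in-order input selection is an assumption made for the model.

```cpp
// Simplified model of the wallet behaviour described above (hypothetical names).
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <vector>

struct ReceivedOutput { uint64_t encrypted_amount; bool well_formed; };
struct WalletOutput { uint64_t amount; };

// Stand-in for the RCT library call: throws on an invalid encrypted amount.
uint64_t decode_amount(const ReceivedOutput& o) {
    if (!o.well_formed) throw std::runtime_error("invalid encrypted amount");
    return o.encrypted_amount;  // constructed: "decryption" is the identity here
}

// skip_zero == false: the exception is swallowed and the output is stored as 0.
// skip_zero == true: the recommended fix, zero amounts are ignored altogether.
std::vector<WalletOutput> scan(const std::vector<ReceivedOutput>& chain, bool skip_zero) {
    std::vector<WalletOutput> owned;
    for (const auto& o : chain) {
        uint64_t amount = 0;
        try { amount = decode_amount(o); } catch (const std::exception&) { amount = 0; }
        if (skip_zero && amount == 0) continue;
        owned.push_back({amount});
    }
    return owned;
}

// Model of spending: take outputs in order until the target is covered, then
// "verify". A zero-amount input makes verification fail, as the post states.
bool try_spend(const std::vector<WalletOutput>& owned, uint64_t target) {
    uint64_t sum = 0;
    bool has_zero_input = false;
    for (const auto& o : owned) {
        if (sum >= target) break;
        sum += o.amount;
        if (o.amount == 0) has_zero_input = true;
    }
    return sum >= target && !has_zero_input;
}

// Constructed sample: three undecodable outputs followed by two valid ones.
std::vector<ReceivedOutput> sample_chain() { return {{0, false}, {0, false}, {0, false}, {5, true}, {7, true}}; }

int main() {
    for (bool fix : {false, true})
        std::cout << "skip_zero=" << fix << " spend_ok=" << try_spend(scan(sample_chain(), fix), 10) << "\n";
}
```

Without the filter the wallet holds enough valid funds yet cannot produce a transaction that verifies; with it, the same scan yields only spendable outputs.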

Why did you not report it to Monero?

Because of their long-standing and continuing history of toxic behaviour towards security researchers [1] [2] [3] [4] [5].

At the request of a Monero moderator I’m adding a link to a community discussion on the topic here. Please keep in mind that some posts are NSFW due to abuse being hurled around.
