December 2, 2020: Idena vulnerability report

Idena · Published in Idena · 3 min read · Dec 2, 2020

Description

On November 17, 2020, several users reported a single Idena wallet collecting mined coins from numerous validated accounts. One of the messages was published in the Idena public group on Telegram:

Actions taken by the Idena core team

  1. 663 suspicious accounts were identified.
  2. The Idena team discovered a vulnerability in the Idena app.
  3. The patched version of the Idena app 0.18.0 was released on November 18, 2020.

Vulnerability details

The root cause of the vulnerability is a bug in the flip randomization algorithm. Every flip consists of 4 images. Once a flip is created, the meaningful and meaningless stories are each encoded as a sequence of indexes of the 4 images. For instance, the meaningful story: [1, 2, 3, 4]; the meaningless story: [1, 2, 4, 3], where the last two images were swapped.

Obviously, the sequence [1, 2, 3, 4] exposes the right answer. To prevent this, a random permutation is applied to the indexes. For instance, the meaningful story: [4, 3, 1, 2], the meaningless story: [4, 3, 2, 1].

There are 24 random permutations possible for the meaningful story encoding:

1: [1, 2, 3, 4]
2: [1, 2, 4, 3]
3: [1, 4, 3, 2]
4: [4, 2, 3, 1]
...
24: [4, 3, 2, 1]

However, because of the bug in the randomization algorithm, only 6 of the 24 permutations could be generated for encoding the meaningful story, while all 24 permutations were available for encoding the meaningless story. Thus the meaningless story could be identified whenever its sequence of indexes did not match one of the 6 known permutations of the meaningful story. Ultimately this gave a very high probability (close to 90%) of guessing the right answer.
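As an added illustration (not Idena's code), the following Python models the encoding described above and shows the check a maintainer would run on a flip encoder: how many orderings a generator can actually reach, and how much a gap between the meaningful and meaningless generators leaks. The biased generator is a constructed stand-in that reaches only 6 orderings, not the real defect, and the model assumes the meaningless story's ordering is drawn independently from all 24.

```python
import itertools
import random

IMAGES = (1, 2, 3, 4)
ALL_ORDERINGS = set(itertools.permutations(IMAGES))  # 4! = 24

def biased_ordering(rng):
    """Constructed stand-in for the flawed generator (hypothetical, not the
    actual Idena code): it only reorders the last three images, so just
    3! = 6 of the 24 orderings can ever be produced."""
    tail = list(IMAGES[1:])
    rng.shuffle(tail)
    return (IMAGES[0], *tail)

def uniform_ordering(rng):
    """Sound generator: a full shuffle reaches all 24 orderings."""
    order = list(IMAGES)
    rng.shuffle(order)
    return tuple(order)

def reachable(gen, trials=5000, seed=0):
    """Orderings the generator actually emits; a sound one covers all 24."""
    rng = random.Random(seed)
    return {gen(rng) for _ in range(trials)}

def encode_flip(meaningful_gen, rng):
    """Encode one flip: the meaningful story gets an ordering from
    meaningful_gen; the meaningless story gets an independent ordering
    drawn from all 24 (as the page describes for the buggy version)."""
    meaningful = meaningful_gen(rng)
    meaningless = rng.choice(sorted(ALL_ORDERINGS - {meaningful}))
    return meaningful, meaningless

def leakage(meaningful_gen, flips=4000, seed=1):
    """Defender's check: fraction of flips whose meaningless story is exposed
    purely because its ordering lies outside what meaningful_gen can reach,
    plus the success rate of an answer that uses that signal and otherwise
    guesses at 50%."""
    known = reachable(meaningful_gen)
    rng = random.Random(seed)
    exposed = sum(encode_flip(meaningful_gen, rng)[1] not in known
                  for _ in range(flips)) / flips
    return exposed, exposed + 0.5 * (1 - exposed)

if __name__ == "__main__":
    for name, gen in (("biased", biased_ordering), ("uniform", uniform_ordering)):
        print(name, len(reachable(gen)), leakage(gen))
```

With the biased generator the meaningless ordering falls outside the 6 reachable orderings in about 18 of 23 flips, giving a success rate near the 90% the report cites; with the uniform generator nothing is exposed and the rate stays at 50%.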

Impact

We monitored the validation ceremony on December 1, 2020. The Idena team activated 60 invitation codes before the validation session to collect decrypted flips. Around 1700 flips were collected. Only 1/3 of the flips could be successfully solved using the exposed vulnerability, which means that the majority of the flips were submitted with the patched Idena app version 0.18.0. Ultimately, we did not identify any Idena accounts that managed to exploit the fixed vulnerability.

We also analyzed the list of suspicious accounts. Judging by their behavior during the validation ceremony, these accounts were validated by humans (not bots) with a high probability.

***

Idena invites software security researchers to participate in the bug bounty program to hunt down its vulnerabilities. 100k iDNA will be granted to the first person who provides reliable information about a bug or a backdoor that can be exploited to successfully validate many accounts algorithmically. See more details here.
