Witnet Network Bug Bounty: DOS Bug from Harsh Jain

Harsh Jain
Aug 17 · 2 min read

For those unaware, Witnet is a Decentralised Permissionless Oracle Network planning to release Mainnet in the middle of October this year. Currently they are doing regress testing and running a Testnet Incentive Program, including a Bug Bounty Program.

I have been running a Witnet node from the start of this Testnet. Alongside that, I also started looking into the code and checking out how the nodes were communicating. In order to join the network, a new node communicates with its peers and exchanges VERSION and VERACK messages to consolidate the connection. If the exchange of these messages doesn’t happen within the handshake timeout duration, another thread terminates the connection. Even if the message is erroneous, the connection is live for at least the handshake timeout period.

As a result, if the number of messages can somehow be increased by decreasing their individual size, we can effectively overload the node with a large number of messages and even consume the resources of the thread that terminates the connection.

Witnet is using PROTOBUF encoded messages for communication. The format of PROTOBUF messages is as follows: firstly, four bytes tell the length of message L, and the next L bytes encompass the actual message. So, the smallest size of the message is 4 bytes: 0x00000000, with 0 being the length of the actual message.

At a 1 Mbps transfer rate from a malicious node, peers will receive around 32000 messages per second (each message containing 32 bits). This is a huge number of messages to process in 1 second; it requires substantial resources from nodes, and as a result the handshake timeout function is not called.

This bug was therefore raised because the connection was not closed, and nodes would wait for the timeout duration before terminating it. This attack was responsibly disclosed on 31 July. The team acknowledged the DOS possibility and fixed it within a week.
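
A sketch of the receiving side, added here as an example and not Witnet's code or its actual fix: a decoder for the 4-byte length-prefixed framing described above that closes the connection on the first empty or oversized frame and caps how many frames a peer may send before the handshake completes. The big-endian length, the 1 MiB cap, the budget of two frames and all names are assumptions.

```rust
// Added example, not Witnet's code. Framing as the post describes it:
// 4-byte length L, then L bytes of payload. Big-endian order is an assumption.
const MAX_FRAME_LEN: usize = 1 << 20; // assumed cap on a single message

#[derive(Debug, PartialEq)]
enum Verdict {
    NeedMoreData,        // only a partial frame is buffered
    Accepted(usize),     // complete frames consumed from the buffer
    Close(&'static str), // drop the peer now, do not wait for the timeout
}

/// Drain complete frames from a peer that has not finished the handshake.
/// `seen` counts frames already accepted; `budget` is how many the handshake
/// needs (assumed 2: VERSION and VERACK). An empty payload is assumed invalid.
fn feed_prehandshake(buf: &mut Vec<u8>, seen: &mut u32, budget: u32) -> Verdict {
    let mut accepted = 0;
    while buf.len() >= 4 {
        let len = u32::from_be_bytes([buf[0], buf[1], buf[2], buf[3]]) as usize;
        if len == 0 { return Verdict::Close("empty frame"); }
        if len > MAX_FRAME_LEN { return Verdict::Close("oversized frame"); }
        if buf.len() < 4 + len { break; } // wait for the rest of the payload
        if *seen >= budget { return Verdict::Close("too many pre-handshake frames"); }
        buf.drain(..4 + len); // a real node would decode the payload here
        *seen += 1;
        accepted += 1;
    }
    if accepted == 0 { Verdict::NeedMoreData } else { Verdict::Accepted(accepted) }
}

/// Frames per second a link carries for a payload size, 4-byte header included.
fn frames_per_second(bits_per_sec: u64, payload_len: u64) -> u64 {
    bits_per_sec / (8 * (4 + payload_len))
}

fn main() {
    // Constructed input: two empty frames, each the post's 0x00000000.
    let mut buf = vec![0u8; 8];
    let mut seen = 0;
    println!("{:?}", feed_prehandshake(&mut buf, &mut seen, 2));
    println!("{} frames/s at 1 Mbps", frames_per_second(1_000_000, 0));
}
```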

The Witnet Foundation Blog
