From: alicexbt
To: Bitcoin Protocol Discussion
Date: Sat, 10 Sep 2022 10:20:48 +0000
Subject: Re: [bitcoin-dev] Full Disclosure: Denial of Service in STONEWALLx2 (p2p coinjoin)

This has been assigned CVE-2022-35913: https://www.cve.org/CVERecord?id=CVE-2022-35913

/dev/fd0

------- Original Message -------
On Thursday, July 14th, 2022 at 9:25 AM, alicexbt via bitcoin-dev wrote:

> Hi bitcoin-dev list members,
>
> STONEWALLx2[1] is a p2p coinjoin transaction in Samourai wallet. The miner fee is split between both participants of the transaction.
>
> ==========================
> Problem
> ==========================
>
> Antoine Riard shared the details of DoS attack in an [email][2] on 21 June 2022.
>
> Proof of Concept:
>
> 1) Download Samourai APK, create testnet wallet, get some coins from faucet and claim a paynym in 2 android devices. Consider Bob and Carol are using these devices.
>
> 2) Bob and Carol follow each other's paynyms. Carol is the attacker in this case and she could make several paynyms.
>
> 3) Bob initiates a Stonewallx2 transaction that requires collaboration with Carol.
>
> 4) Carol confirms this request in the app.
>
> 5) Carol spends the UTXO from wallet configured in electrum with same seed before Bob could complete the last step and broadcast STONEWALLx2 transaction. It was non RBF [transaction][3] with 1 sat/vbyte fee rate and was unconfirmed during testing.
>
> 6) Bob receives an [error][4] in the app when trying to broadcast Stonewallx2 transaction which disappears in a few seconds. The [progress bar][5] appears as if wallet is still trying to broadcast the transaction until Bob manually go back or close the app.
>
> ==========================
> Solution
> ==========================
>
> Suggestions:
>
> a) Error message that states collaborator spent her UTXO used in STONEWALLx2, end the p2p coinjoin process, unfollow collaborator's paynym and suggest user to do such transactions with trusted users only for a while.
>
> b) Once full RBF is used by some nodes and miners, attacker's transaction could be replaced with a higher fee rate.
>
> Conclusions by Samourai:
>
> a) As the threat involves the collaborator attacking the spender. We strongly advise that collab spends be done w/ counterparties with which some measure of trust is shared. As such, this does not seem to have an important threat surface.
>
> b) Bumping fee won't be simple as fees are shared 50/50 for STONEWALLx2 spends. Change would have to be recalculated for both spender and collaborator. Collab would either have had already authorized a possible fee bump beforehand or would have to be prompted before broadcast.
>
> ==========================
> Timeline
> ==========================
>
> 22 June 2022: I emailed Antoine after testing STONEWALLx2
>
> 23 June 2022: I shared the details of attack in a confidential issue in Samourai wallet [repository][6]
>
> 07 July 2022: TDevD (Samourai) acknowledged the issue and wanted to discuss it internally with team
>
> 14 July 2022: TDevD shared the conclusions
>
> ==========================
> Credits
> ==========================
>
> Antoine Riard discovered DoS vector in p2p coinjoin transactions and helped by responding to emails during testing.
>
> [1]: https://docs.samourai.io/spend-tools
> [2]: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-June/020595.html
> [3]: https://mempool.space/testnet/tx/42db696460a46f196f457779d60acbf46b31accc5414b9eac54b2e785d4c1cbb
> [4]: https://i.imgur.com/6uf3VJn.png
> [5]: https://i.imgur.com/W6ITl4G.gif
> [6]: https://code.samourai.io/wallet/samourai-wallet-android
>
> /dev/fd0
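
A pre-broadcast check along the lines of suggestion (a), as an added example that is not part of the original post and not Samourai's code: it classifies each input of the joint transaction against a node's UTXO and mempool view and returns a terminal abort naming whose input was spent. The data model, function names and sample outpoints are assumptions of this example, and inputs are assumed to be confirmed outputs.

```python
from dataclasses import dataclass

BIP125_MAX_SEQUENCE = 0xFFFFFFFD  # an input nSequence at or below this signals opt-in RBF

@dataclass(frozen=True)
class TxInput:
    outpoint: tuple   # (txid, vout)
    owner: str        # "spender" or "collaborator" (labels used by this example)

def find_conflicts(inputs, utxo_set, mempool):
    """Classify every input of the joint transaction before broadcast.

    utxo_set: set of confirmed, unspent outpoints.
    mempool:  {txid: [(outpoint, nSequence), ...]} for unconfirmed transactions.
    """
    spent_in_mempool = {}
    for txid, spends in mempool.items():
        signals_rbf = any(seq <= BIP125_MAX_SEQUENCE for _, seq in spends)
        for outpoint, _ in spends:
            spent_in_mempool[outpoint] = (txid, signals_rbf)
    findings = []
    for txin in inputs:
        if txin.outpoint in spent_in_mempool:
            txid, signals_rbf = spent_in_mempool[txin.outpoint]
            findings.append({"owner": txin.owner, "outpoint": txin.outpoint,
                             "status": "spent-unconfirmed",
                             "conflict_txid": txid, "signals_rbf": signals_rbf})
        elif txin.outpoint not in utxo_set:
            findings.append({"owner": txin.owner, "outpoint": txin.outpoint,
                             "status": "spent-or-unknown",
                             "conflict_txid": None, "signals_rbf": False})
    return findings

def broadcast_decision(findings):
    """Return a terminal result so the UI never keeps waiting on a doomed broadcast."""
    if not findings:
        return "ok", "all inputs unspent; safe to broadcast"
    blamed = sorted({f["owner"] for f in findings})
    return "abort", "input(s) from " + ", ".join(blamed) + " already spent; coinjoin cancelled"

# Constructed sample data (not taken from the report).
BOB_IN = TxInput(("aa" * 32, 0), "spender")
CAROL_IN = TxInput(("bb" * 32, 1), "collaborator")
UTXOS = {BOB_IN.outpoint, CAROL_IN.outpoint}
MEMPOOL = {"cc" * 32: [(CAROL_IN.outpoint, 0xFFFFFFFE)]}  # non-RBF spend, as in step 5

if __name__ == "__main__":
    found = find_conflicts([BOB_IN, CAROL_IN], UTXOS, MEMPOOL)
    print(found)
    print(broadcast_decision(found))
```

The `signals_rbf` field matters for suggestion (b): when it is false, as with the non-RBF spend in step 5, replacing the conflicting transaction depends on nodes and miners applying full-RBF policy.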