Date: Sat, 10 Sep 2022 10:20:48 +0000
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
From: alicexbt <alicexbt@protonmail.com>
Subject: Re: [bitcoin-dev] Full Disclosure: Denial of Service in STONEWALLx2 (p2p coinjoin)

This has been assigned CVE-2022-35913: https://www.cve.org/CVERecord?id=CVE-2022-35913

/dev/fd0

------- Original Message -------
On Thursday, July 14th, 2022 at 9:25 AM, alicexbt via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:

> Hi bitcoin-dev list members,
>
> STONEWALLx2[1] is a p2p coinjoin transaction in Samourai wallet. The miner fee is split between both participants of the transaction.
>
> ==========================
> Problem
> ==========================
>
> Antoine Riard shared the details of the DoS attack in an [email][2] on 21 June 2022.
>
> Proof of Concept:
>
> 1) Download Samourai APK, create testnet wallet, get some coins from faucet and claim a paynym in 2 Android devices. Consider Bob and Carol are using these devices.
>
> 2) Bob and Carol follow each other's paynyms. Carol is the attacker in this case and she could make several paynyms.
>
> 3) Bob initiates a Stonewallx2 transaction that requires collaboration with Carol.
>
> 4) Carol confirms this request in the app.
>
> 5) Carol spends the UTXO from wallet configured in Electrum with same seed before Bob could complete the last step and broadcast STONEWALLx2 transaction. It was non-RBF [transaction][3] with 1 sat/vbyte fee rate and was unconfirmed during testing.
>
> 6) Bob receives an [error][4] in the app when trying to broadcast Stonewallx2 transaction which disappears in a few seconds. The [progress bar][5] appears as if wallet is still trying to broadcast the transaction until Bob manually goes back or closes the app.
>
> ==========================
> Solution
> ==========================
>
> Suggestions:
>
> a) Error message that states collaborator spent her UTXO used in STONEWALLx2, end the p2p coinjoin process, unfollow collaborator's paynym and suggest user to do such transactions with trusted users only for a while.
>
> b) Once full RBF is used by some nodes and miners, attacker's transaction could be replaced with a higher fee rate.
>
> Conclusions by Samourai:
>
> a) As the threat involves the collaborator attacking the spender, we strongly advise that collab spends be done w/ counterparties with which some measure of trust is shared. As such, this does not seem to have an important threat surface.
>
> b) Bumping fee won't be simple as fees are shared 50/50 for STONEWALLx2 spends. Change would have to be recalculated for both spender and collaborator. Collab would either have had already authorized a possible fee bump beforehand or would have to be prompted before broadcast.
>
> ==========================
> Timeline
> ==========================
>
> 22 June 2022: I emailed Antoine after testing STONEWALLx2
>
> 23 June 2022: I shared the details of attack in a confidential issue in Samourai wallet [repository][6]
>
> 07 July 2022: TDevD (Samourai) acknowledged the issue and wanted to discuss it internally with team
>
> 14 July 2022: TDevD shared the conclusions
>
> ==========================
> Credits
> ==========================
>
> Antoine Riard discovered the DoS vector in p2p coinjoin transactions and helped by responding to emails during testing.
>
> [1]: https://docs.samourai.io/spend-tools
> [2]: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-June/020595.html
> [3]: https://mempool.space/testnet/tx/42db696460a46f196f457779d60acbf46b31accc5414b9eac54b2e785d4c1cbb
> [4]: https://i.imgur.com/6uf3VJn.png
> [5]: https://i.imgur.com/W6ITl4G.gif
> [6]: https://code.samourai.io/wallet/samourai-wallet-android
>
> /dev/fd0
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
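
Suggestion (a) in the quoted report amounts to a pre-broadcast conflict check with a clear error, and suggestion (b) depends on whether the conflicting spend signals replaceability. The sketch below is an added example, not code from the original post or from Samourai; the `TxIn`/`Tx` types, the `owners` map, the message text and all sample transactions are constructed assumptions.

```python
from dataclasses import dataclass

# All txids, labels and transactions below are constructed sample data.
SEQUENCE_FINAL_NO_RBF = 0xFFFFFFFE  # BIP125: nSequence below this value opts in to replacement

@dataclass(frozen=True)
class TxIn:
    prev_txid: str
    vout: int
    sequence: int = 0xFFFFFFFF

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple

def signals_rbf(tx):
    """Explicit BIP125 signalling only; inherited signalling via ancestors is not modelled."""
    return any(i.sequence < SEQUENCE_FINAL_NO_RBF for i in tx.inputs)

def find_conflicts(coop_tx, owners, mempool):
    """List inputs of coop_tx that another mempool transaction already spends.
    owners maps (prev_txid, vout) -> participant label (hypothetical bookkeeping)."""
    wanted = {(i.prev_txid, i.vout) for i in coop_tx.inputs}
    findings = []
    for tx in mempool:
        if tx.txid == coop_tx.txid:
            continue
        for i in tx.inputs:
            outpoint = (i.prev_txid, i.vout)
            if outpoint in wanted:
                findings.append({"outpoint": outpoint,
                                 "owner": owners.get(outpoint, "unknown"),
                                 "conflicting_txid": tx.txid,
                                 "opt_in_rbf": signals_rbf(tx)})
    return findings

def user_message(findings):
    """Text for the error dialog; None means no conflict was seen."""
    if not findings:
        return None
    f = findings[0]
    txid, vout = f["outpoint"]
    return (f"Aborted: input {txid[:8]}:{vout} ({f['owner']}) is already spent by "
            f"{f['conflicting_txid'][:8]} (opt-in RBF: {f['opt_in_rbf']}).")

BOB_IN = TxIn("aa" * 32, 0)
CAROL_IN = TxIn("bb" * 32, 1)
COOP = Tx("cc" * 32, (BOB_IN, CAROL_IN))
OWNERS = {("aa" * 32, 0): "spender", ("bb" * 32, 1): "collaborator"}
CAROL_SPEND = Tx("dd" * 32, (TxIn("bb" * 32, 1, 0xFFFFFFFF),))  # non-RBF, as in step 5
```

Running `find_conflicts(COOP, OWNERS, [CAROL_SPEND])` attributes the conflict to the collaborator's input and reports that the conflicting spend does not opt in to RBF, which is the case where replacement depends on full RBF as described in suggestion (b).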