1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
|
Return-Path: <alicexbt@protonmail.com>
Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137])
by lists.linuxfoundation.org (Postfix) with ESMTP id D1C6EC002D
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 14 Jul 2022 09:26:08 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp4.osuosl.org (Postfix) with ESMTP id AAC97425F0
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 14 Jul 2022 09:26:08 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org AAC97425F0
Authentication-Results: smtp4.osuosl.org;
dkim=pass (2048-bit key) header.d=protonmail.com header.i=@protonmail.com
header.a=rsa-sha256 header.s=protonmail3 header.b=Fk7e5/F5
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: 4.94
X-Spam-Level: ****
X-Spam-Status: No, score=4.94 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, BITCOIN_IMGUR=2.043, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
FREEMAIL_FROM=0.001, HOSTED_IMG_MULTI_PUB_01=2.999,
PDS_OTHER_BAD_TLD=1.999, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
autolearn=no autolearn_force=no
Received: from smtp4.osuosl.org ([127.0.0.1])
by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id xA6qFKSeLRp0
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 14 Jul 2022 09:26:07 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 60AB84259A
Received: from mail-40141.protonmail.ch (mail-40141.protonmail.ch
[185.70.40.141])
by smtp4.osuosl.org (Postfix) with ESMTPS id 60AB84259A
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 14 Jul 2022 09:26:07 +0000 (UTC)
Date: Thu, 14 Jul 2022 09:25:56 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
s=protonmail3; t=1657790764; x=1658049964;
bh=UqI7TATXbkkO5PERlq+LqbLLP7MblVkEgh2kkKPDnRA=;
h=Date:To:From:Reply-To:Subject:Message-ID:Feedback-ID:From:To:Cc:
Date:Subject:Reply-To:Feedback-ID:Message-ID;
b=Fk7e5/F5YnQzPW9mg4J8hc/rMODMVYxyUg8aKM8aqiVXOa8njo0dEiGOlZhauObjb
adcCUgiR1/KAko9O6QZhDK1lydPvrT7ZeGmEV2Cv8/BQ4BdG7E48mjNRsqz1AFeQJ/
xiPhxT6BcUf1bbT7imV3NAjrruJn3nOQS+PGnEmQGS97/7gvIe++YZ0R+5sivsQR6x
BYV7/KgaQVbXaJ2nMfhleSVGXNuYoZOV7AP2fi0U8W3k5/rByrJXfP4yHLbcM9mu4O
35yYoJVJpeVUGe1NYoxAybE8idGF4VQfNCHjVsxR6ZoU+Ck6BKeCjckYGYZ8cDmSB4
g5k4w9ODGYGRA==
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
From: alicexbt <alicexbt@protonmail.com>
Reply-To: alicexbt <alicexbt@protonmail.com>
Message-ID: <eCSIPVH6QM3r1n0PGBWr39xv4BSyAWx6q0icycfo4mESnQfNg7NJWRu7wwyoxnR6E9Own_CJxGVufqQhqx1H4JyAQil3MUUkdI_kUC5bmVg=@protonmail.com>
Feedback-ID: 40602938:user:proton
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Mailman-Approved-At: Thu, 14 Jul 2022 09:31:49 +0000
Subject: [bitcoin-dev] Full Disclosure: Denial of Service in STONEWALLx2
(p2p coinjoin)
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Jul 2022 09:26:08 -0000
Hi bitcoin-dev list members,
STONEWALLx2[1] is a p2p coinjoin transaction in Samourai wallet. The miner =
fee is split between both participants of the transaction.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D
Problem
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D
Antoine Riard shared the details of DoS attack in an [email][2] on 21 June =
2022.
Proof of Concept:
1) Download Samourai APK, create testnet wallet, get some coins from faucet=
and claim a paynym in 2 android devices. Consider Bob and Carol are using =
these devices.
2) Bob and Carol follow each other's paynyms. Carol is the attacker in this=
case and she could make several paynyms.
3) Bob initiates a Stonewallx2 transaction that requires collaboration with=
Carol.
4) Carol confirms this request in the app.
5) Carol spends the UTXO from wallet configured in electrum with same seed =
before Bob could complete the last step and broadcast STONEWALLx2 transacti=
on. It was non RBF [transaction][3] with 1 sat/vbyte fee rate and was uncon=
firmed during testing.
6) Bob receives an [error][4] in the app when trying to broadcast Stonewall=
x2 transaction which disappears in a few seconds. The [progress bar][5] app=
ears as if wallet is still trying to broadcast the transaction until Bob ma=
nually go back or close the app.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D
Solution
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D
Suggestions:
a) Error message that states collaborator spent her UTXO used in STONEWALLx=
2, end the p2p coinjoin process, unfollow collaborator's paynym and suggest=
user to do such transactions with trusted users only for a while.
b) Once full RBF is used by some nodes and miners, attacker's transaction c=
ould be replaced with a higher fee rate.
Conclusions by Samourai:
a) As the threat involves the collaborator attacking the spender. We strong=
ly advise that collab spends be done w/ counterparties with which some meas=
ure of trust is shared. As such, this does not seem to have an important th=
reat surface.
b) Bumping fee won't be simple as fees are shared 50/50 for STONEWALLx2 spe=
nds. Change would have to be recalculated for both spender and collaborator=
. Collab would either have had already authorized a possible fee bump befor=
ehand or would have to be prompted before broadcast.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D
Timeline
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D
22 June 2022: I emailed Antoine after testing STONEWALLx2
23 June 2022: I shared the details of attack in a confidential issue in Sam=
ourai wallet [repository][6]
07 July 2022: TDevD (Samourai) acknowledged the issue and wanted to discuss=
it internally with team
14 July 2022: TDevD shared the conclusions
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D
Credits
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D
Antoine Riard discovered DoS vector in p2p coinjoin transactions and helped=
by responding to emails during testing.
[1]: https://docs.samourai.io/spend-tools
[2]: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-June/0205=
95.html
[3]: https://mempool.space/testnet/tx/42db696460a46f196f457779d60acbf46b31a=
ccc5414b9eac54b2e785d4c1cbb
[4]: https://i.imgur.com/6uf3VJn.png
[5]: https://i.imgur.com/W6ITl4G.gif
[6]: https://code.samourai.io/wallet/samourai-wallet-android
/dev/fd0
Sent with Proton Mail secure email.
|
