This repository is an extension of our research on cryptocurrency clones and documents existing vulnerabilities discovered in those clones
CVE Extensions

This repository is an extension of our research on cryptocurrency clones and vulnerabilities. It takes existing vulnerabilities in major coins and uses clone detection tools to identify how those vulnerabilities have propagated into other coins.

List of documented CVEs

  1. CVE-2018-17144
  2. CVE-2019-7167
  3. CVE-2016-10724
  4. CVE-2016-10725

CVE-2018-17144

National Vulnerability Database (NVD) Report

A reachable assert statement in Bitcoin Core allows a remote denial of service (application crash) exploitable by miners via attempting to double-spend a transaction inside a mined block. This CVE also later leads to an inflation bug, which we do not focus on here.

The code relevant to this vulnerability can be found in the file validation.cpp of Bitcoin Core 0.14.X. This specific file can be found here.

When a block containing a double-spending transaction is validated, the duplicate input check is skipped because of the false parameter here. The double spend therefore reaches the function UpdateCoins(), where the inputs of the transaction are marked as spent in the Unspent Transaction Output (UTXO) database. The first time the transaction is seen, the coins involved are marked as spent. Since those coins are already marked as spent, the second time the transaction is seen coins->vout[nPos].IsNull() is true. Execution then enters this if statement and reaches the assert statement that follows. The assert crashes the node, resulting in the denial of service vulnerability. (Paraphrased from Source 2)
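As an added illustration (not code from this repository or from Bitcoin Core), the following C++ model reproduces the validation order described above: a duplicate-input check that can be switched off for transactions inside a block, a spend loop that fails on the second sighting of the same outpoint, and a scenario that runs both paths. OutPoint, UtxoSet, Result and the scenario functions are assumptions of this model, and the rejection return stands in for the assert(false) that crashed the node.

```cpp
#include <map>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Hypothetical minimal model: an outpoint is (txid, output index) and the UTXO set
// maps unspent outpoints to their value; an entry is erased once spent.
using OutPoint = std::pair<std::string, unsigned>;
using UtxoSet = std::map<OutPoint, long long>;
struct Tx { std::vector<OutPoint> vin; };
enum class Result { Ok, DuplicateInput, MissingOrSpentInput };

// Models the optional duplicate-input check in CheckTransaction(). For transactions
// inside a block the flag was passed as false, so the check was skipped.
bool CheckTransaction(const Tx& tx, bool fCheckDuplicateInputs) {
    if (!fCheckDuplicateInputs) return true;
    std::set<OutPoint> seen;
    for (const auto& in : tx.vin)
        if (!seen.insert(in).second) return false;  // same outpoint listed twice
    return true;
}

// Models UpdateCoins() marking each input spent. The vulnerable code asserted when the
// input was already null (spent); here that case is reported instead of aborting.
Result UpdateCoins(const Tx& tx, UtxoSet& utxo, bool fCheckDuplicateInputs) {
    if (!CheckTransaction(tx, fCheckDuplicateInputs)) return Result::DuplicateInput;
    for (const auto& in : tx.vin) {
        auto it = utxo.find(in);
        if (it == utxo.end()) return Result::MissingOrSpentInput;  // was assert(false)
        utxo.erase(it);  // first sighting marks the coin spent; a second one hits the line above
    }
    return Result::Ok;
}

// Constructed scenario: one coin in the UTXO set and a transaction listing it twice.
Result DoubleSpendInBlock(bool fCheckDuplicateInputs) {
    UtxoSet utxo{{OutPoint{"aa", 0}, 50}};
    Tx tx{{OutPoint{"aa", 0}, OutPoint{"aa", 0}}};
    return UpdateCoins(tx, utxo, fCheckDuplicateInputs);
}

// Constructed control: the same coin spent once, which passes on either path.
Result SingleSpend(bool fCheckDuplicateInputs) {
    UtxoSet utxo{{OutPoint{"aa", 0}, 50}};
    Tx tx{{OutPoint{"aa", 0}}};
    return UpdateCoins(tx, utxo, fCheckDuplicateInputs);
}
```

With the check disabled the model reaches the former assert on the second input; with it enabled the transaction is rejected before any coin is touched.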

The coin(s) that we found to still contain this vulnerability as of 26/3/2019 include:

Total Coins: 6

These coin(s) still contain unpatched instances of the vulnerability in their code base, which can be found here.

Sources:

  1. CVE-2018-17144 Full Disclosure
  2. Andrew Chow, Bitcoin StackExchange

CVE-2019-7167

National Vulnerability Database (NVD) Report

BCTV14 setup produces elements that violate soundness, misleading the original Sprout zk-SNARK verifier into accepting the correctness of a transaction. This allows an attacker to create very large, virtually unlimited amounts of counterfeit shielded tokens without detection. Zcash has switched to different parameters using a new “Sprout-on-Groth16” proving system as of the Sapling network upgrade on October 28th 2018, and so is not affected by the bug.

The code relevant to this vulnerability can be found in the file JoinSplit.cpp of Zcash 1.X. This specific file can be found here.

The coin(s) that we found to still contain this vulnerability as of 27/5/2019 include:

Total Coins: 1

These coin(s) still contain unpatched instances of the vulnerability in their code base, which can be found here.

Sources:

  1. [Zcash blog disclosure](https://z.cash/blog/zcash-counterfeiting-vulnerability-successfully-remediated/)

CVE-2016-10724 / CVE-2016-10725

These two vulnerabilities are closely related and hence are grouped in the same section. All coins presented in this section are vulnerable to both vulnerabilities.

CVE-2016-10724

National Vulnerability Database (NVD) Report

A remote network alert system originating from Bitcoin allows the denial of service (memory exhaustion) if an attacker can sign a message with a certain private key that had been known by unintended actors. Due to an infinitely sized map, an attacker can send a large number of alerts (or very large alerts, or both) to a node, causing the node to run out of memory and crash.

CVE-2016-10725

National Vulnerability Database (NVD) Report

A 'final alert' was developed to prevent attackers from abusing CVE-2016-10724; it is a maximum-ID alert that overrides all previous alerts. A final alert is an alert that meets the following conditions here. However, because alerts are classified by their hashes, any alert can be classified as a final alert, which can also cause the node to run out of memory. Final alerts are also supposed to be uncancellable, but can inadvertently be cancelled. When an alert arrives, the node first checks whether it cancels any existing alert, and only then checks whether any of the remaining alerts cancel it. Because of this order, it is possible to create an alert which cancels a final alert before the node checks whether that alert is cancelled by the final alert. Thus an attacker can cancel a final alert with another alert, leaving the node vulnerable to CVE-2016-10724 again.
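As an added illustration covering both CVEs in this section (not code from this repository or from Bitcoin), the following C++ model keeps alerts in a hash-keyed map and compares the vulnerable check order described above with a hardened order that checks for cancellation first and bounds the map. Alert, AlertMap, kMaxAlerts and the scenario functions are assumptions of this model, and the hardened variant is illustrative rather than Bitcoin's actual patch.

```cpp
#include <climits>
#include <map>
#include <string>
// Hypothetical minimal alert (the real CAlert also has a signature, expiry, version range and message).
struct Alert {
    int nID;
    int nCancel;          // cancels every alert whose nID <= nCancel
    std::string payload;  // stands in for the message; part of the hash key
    bool Cancels(const Alert& o) const { return o.nID <= nCancel; }
    bool IsFinal() const { return nID == INT_MAX && nCancel == INT_MAX - 1; }
    std::string Hash() const { return std::to_string(nID) + ":" + payload; }
};
using AlertMap = std::map<std::string, Alert>;  // keyed by hash, as in alert.cpp
const int kMaxAlerts = 100;                     // assumed bound used by the hardened version

static void CancelExisting(const Alert& a, AlertMap& m) {
    for (auto it = m.begin(); it != m.end();)
        if (a.Cancels(it->second)) it = m.erase(it); else ++it;
}

// Vulnerable order from the text: cancel existing alerts first, then ask the survivors
// whether they cancel the new one. Nothing bounds the map.
bool ProcessAlertVulnerable(const Alert& a, AlertMap& m) {
    CancelExisting(a, m);
    for (const auto& kv : m) if (kv.second.Cancels(a)) return false;
    return m.emplace(a.Hash(), a).second;
}
// Illustrative hardened order (not Bitcoin's exact patch): reject the alert if any alert
// in effect cancels it or is final, bound the map, and only then cancel others.
bool ProcessAlertHardened(const Alert& a, AlertMap& m) {
    for (const auto& kv : m) if (kv.second.Cancels(a) || kv.second.IsFinal()) return false;
    if (static_cast<int>(m.size()) >= kMaxAlerts) return false;  // CVE-2016-10724 guard
    CancelExisting(a, m);
    return m.emplace(a.Hash(), a).second;
}
// Constructed CVE-2016-10725 scenario: a final alert is in effect, then an alert arrives
// whose nCancel covers INT_MAX, i.e. the final alert itself.
bool FinalAlertSurvives(bool hardened) {
    auto process = hardened ? ProcessAlertHardened : ProcessAlertVulnerable;
    AlertMap m;
    Alert finalAlert{INT_MAX, INT_MAX - 1, "URGENT: Alert key compromised"};
    process(finalAlert, m);
    process(Alert{5, INT_MAX, "all clear"}, m);
    return m.count(finalAlert.Hash()) == 1;
}
// Constructed CVE-2016-10724 scenario: n distinct alerts that cancel nothing.
int StoredAfter(bool hardened, int n) {
    auto process = hardened ? ProcessAlertHardened : ProcessAlertVulnerable;
    AlertMap m;
    for (int i = 1; i <= n; ++i) process(Alert{i, 0, "msg"}, m);
    return static_cast<int>(m.size());
}
```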

The alert system in itself also creates a centralized source in the cryptocurrency. Bitcoin has since deprecated the alert system entirely. Bitcoin has also released a patch for the alert vulnerability, which can be found here.

The code relevant to these vulnerabilities can be found in the file alert.cpp of Bitcoin 0.12.X. This specific file can be found here.

The coin(s) that we found to still contain both CVE-2016-10724 and CVE-2016-10725 as of 14/6/2019 include:

Total Coins: 377

These coin(s) still contain unpatched instances of the vulnerability in their code base, which can be found here.

Sources:

  1. Bitcoin disclosure
  2. Linux Foundation

Contributors


*All files uploaded have been cloned from their respective coin repositories.