10000 [Governance] Disrupting the chain through the actions of a solitary malicious CN node by hyunsooda · Pull Request #1942 · klaytn/klaytn · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
This repository was archived by the owner on Aug 19, 2024. It is now read-only.

[Governance] Disrupting the chain through the actions of a solitary malicious CN node #1942

Merged
merged 1 commit into from
Aug 29, 2023
Merged

[Governance] Disrupting the chain through the actions of a solitary malicious CN node #1942

merged 1 commit into from
Aug 29, 2023

Conversation

hyunsooda
Copy link
Contributor

Proposed changes

Each CN have a power to vote global network parameter. Let me describe how a single CN can destroy the entire chain. Note that this attack is not exploiting the protocol, rather it targets the implementation error.

Problem

Assume that a governance mode is none (ballot is also feasible to attack. Explained later). Single CN can change any global parameter in this mode. The mintingamount item had not been well considered for an allowed set of input values. So, any negative values are acceptable. In the next epoch, all the validators do not claim that the scheduled voting is not illegal. And, it successfully shipped to the block at the first epoch. At 2nd epoch, the EffectiveParams start to malfunction because the checkers between govParamType and GovernanceItems are slightly different.

The type checker for big integer of GovernanceItems:

func checkBigInt(k string, v interface{}) bool {
    x := new(big.Int)
    if _, ok := x.SetString(v.(string), 10); ok {
        return true
    }
    return false
}

The type checker for big integer of govParamType:

validate: func(v interface{}) bool { 
    if n, ok := new(big.Int).SetString(v.(string), 10); ok {
        return n.Sign() >= 0 // must be non-negative.
    }
    return false
},

Implication

By the malfunctioning of the EffectiveParams, the chain does not proceed with necessary works such as header verification and creating a new snapshot. Restarting does not solve this problem. Either only rewinding the chain for all CNs, PNs, and ENs or a new hardfork will fix it.

In the Ballot mode, a few of CN can launch this attack too by having total voting occupation over 50%, not requiring over 2/3 nodes' to agree.

Types of changes

Please put an x in the boxes related to your change.

  • Bugfix
  • New feature or enhancement
  • Others

Checklist

Put an x in the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your code.

  • I have read the CONTRIBUTING GUIDELINES doc
  • I have signed the CLA
  • Lint and unit tests pass locally with my changes ($ make test)
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)
  • Any dependent changes have been merged and published in downstream modules

Related issues

  • Please leave the issue numbers or links related to this PR here.

Further comments

If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution you did and what alternatives you considered, etc...

@blukat29 blukat29 merged commit 904c475 into klaytn:dev Aug 29, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@blukat29 blukat29 blukat29 approved these changes

@ian0371 ian0371 ian0371 approved these changes

@yoomee1313 yoomee1313 yoomee1313 approved these changes

Assignees

@hyunsooda hyunsooda

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@hyunsooda @blukat29 @ian0371 @yoomee1313
0