Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Develop an attack based on transaction limits #231

Open
facundominguez opened this issue Jan 27, 2023 · 2 comments
Open

Develop an attack based on transaction limits #231

facundominguez opened this issue Jan 27, 2023 · 2 comments
Labels
enhancement New feature or request

Comments

@facundominguez
Copy link
Member

facundominguez commented Jan 27, 2023

Given the limits on transactions of the Cardano platform, consider testing an attack in cooked that brings contracts with outputs paid to a script just below those limits to prevent further lawful transactions from succeeding.

Here's how the attack works:

  1. The attacker will create a large amount of native tokens, each token having only one unit in existence.
  2. The attacker will pay all of these tokens to the script of a target contract, thus bringing the continuation output of the contract to the limit of what the parameters allow in terms of either transaction size or bytes for storing native tokens.
  3. The contract is stopped from proceeding with transactions that would increase the continuation output.

To fence from this attack, contracts should not only verify that sufficient value is being paid to scripts, but also that no extraneous tokens are part of the payment.

An automated search for this vulnerability could try injecting extraneous tokens in TxOuts paid to scripts. If the transaction is accepted, then this vulnerability might be present.

Update: another variation is to use a single token with very long token name, instead of several tokens.

@mmontin
Copy link
Collaborator

mmontin commented Jan 30, 2023

That's a very good idea. Let's see if we can craft an example in practice, or if this is a known possibility / documented somewhere.

@facundominguez
Copy link
Member Author

Another way to reach transaction limits would be to pay a very large amount of some artificial token. Amounts are represented as Integers that have no upper bound.

@mmontin mmontin added the enhancement New feature or request label Feb 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants