Node Crash via libsecp256k1 Validation Failure during P2P Handshake

Summary

A security flaw in the bor implementation, stemming from a vulnerability in GETH, was identified and validated through the Polygon Bug Bounty Program. This issue posed a significant risk, as it could have enabled a malicious node to execute a Denial of Service (DoS) attack on the network, potentially disrupting the node’s operations. Specifically, a vulnerable node could be forced to shut down or crash upon receiving a specially crafted message.

The root cause of the vulnerability lies in the public key compression mechanism during the handshake process. A malformed public key triggers a critical error in the underlying cryptographic library, leading to node failure. This flaw could be exploited during a malicious P2P handshake, allowing an attacker to target and crash arbitrary nodes.

Technical Details of the Vulnerability

The vulnerability resides in the p2p handshake pipeline, particularly during the validation of public keys when establishing a connection. The issue arises due to inadequate validation in the libsecp256k1 library when compressing a malformed public key, resulting in a fatal error.

Vulnerable Code Path

  1. A handshake connection is initiated via Server.SetupConn().
  2. The connection creates a node using nodeFromConn().
  3. This invokes NewV4(), which attempts to sign the node record.
  4. During the signing process, the malformed key triggers an error in libsecp256k1.

Call Stack Leading to the Vulnerability

github.com/ethereum/go-ethereum/crypto/secp256k1.CompressPubkey()

github.com/ethereum/go-ethereum/crypto.CompressPubkey

github.com/ethereum/go-ethereum/p2p/enode.Secp256k1.EncodeRLP

github.com/ethereum/go-ethereum/p2p/enode.signV4Compat

github.com/ethereum/go-ethereum/p2p/enode.NewV4

github.com/ethereum/go-ethereum/p2p.nodeFromConn

github.com/ethereum/go-ethereum/p2p.(*Server).setupConn

The vulnerability occurs when the node processes a malformed public key, leading to a critical failure in the cryptographic implementation. This highlights insufficient validation of peer credentials prior to cryptographic operations.

Resolution and Mitigation

The issue has been addressed in GETH version 1.14.13 and later releases. The fix includes enhanced validation mechanisms to prevent the processing of malformed public keys during the handshake process.

References

Bor: The bor client has incorporated the upstream fixes from GETH upon their release, ensuring the vulnerability is mitigated in the affected systems. See the tag here

1 Like