Impact
A malicious peer acting as a state-sync source can crash a syncing node by sending a crafted TrieChunk whose proof contains two TrieProofNodes with identical keys. TrieProof::verify() calls TrieProofNode::child_index() (primitives/src/trie/trie_proof_node.rs:94), which unconditionally unwraps KeyNibbles::get(self.key.len()). Because is_prefix_of returns true for two equal keys, execution reaches get(len), which returns None, and the unwrap() panics.
The panic is reached from untrusted network input (ResponseChunk → commit_chunks → put_chunk → proof.verify()) before any cryptographic proof verification, so the attacker does not need to produce a valid proof. Exploitation requires the attacker to be selected as the victim's sync peer while the victim is performing state sync, and the resulting crash is transient (the node restarts and re-syncs).
Affected: core-rs-albatross <= 1.5.1 (nimiq-primitives).
Patches
Fixed in 1.6.0 via nimiq/core-rs-albatross#3789 (commit 41d35ace). child_index now rejects equal-length keys and returns MerkleRadixTrieError::WrongPrefix instead of unwrapping.
Workarounds
None other than syncing only from trusted peers. Upgrade to 1.6.0.
References
Impact
A malicious peer acting as a state-sync source can crash a syncing node by sending a crafted
TrieChunkwhose proof contains twoTrieProofNodes with identical keys.TrieProof::verify()callsTrieProofNode::child_index()(primitives/src/trie/trie_proof_node.rs:94), which unconditionally unwrapsKeyNibbles::get(self.key.len()). Becauseis_prefix_ofreturnstruefor two equal keys, execution reachesget(len), which returnsNone, and theunwrap()panics.The panic is reached from untrusted network input (
ResponseChunk→commit_chunks→put_chunk→proof.verify()) before any cryptographic proof verification, so the attacker does not need to produce a valid proof. Exploitation requires the attacker to be selected as the victim's sync peer while the victim is performing state sync, and the resulting crash is transient (the node restarts and re-syncs).Affected: core-rs-albatross <= 1.5.1 (
nimiq-primitives).Patches
Fixed in 1.6.0 via nimiq/core-rs-albatross#3789 (commit
41d35ace).child_indexnow rejects equal-length keys and returnsMerkleRadixTrieError::WrongPrefixinstead of unwrapping.Workarounds
None other than syncing only from trusted peers. Upgrade to 1.6.0.
References