SMT hard fork testing report #4 : Found an exploit, crashed the testnet

Hey !

This last week was mostly spent polishing my script to create as many smts as I could. And while I was doing that, I noticed that there were more and more timeouts in the testnet, until it completely crashed.

Success ! I found another chain breaking bug :D

Here's what the logs from @drakos's testnet node looked like :

    database.cpp:2989 apply_block
    3515352ms db_with.hpp:125               ~pending_transaction ] Postponed 59239 pending transactions. 393 were applied.
    3515426ms witness_plugin.cpp:343        block_production_loo ] Generated block #1 with timestamp 1970-01-01T00:00:00 at time 2019-12-22T20:58:33

At some point the chain crashed so hard that his witness re-generated a first block haha

The exploit

So here's what happened : there are some automated actions on every block, and there's a limit on how many you can put in a single block. Since I was creating 10 smts per block with 10 emissions (which is an automated action), at some point the maximum number of automated actions per block would be reached, and the chain would be in a weird state where it can't find the automated action it needs to proceed, since it assumes that the automated action has been executed when it hasn't, because the block was full.

An analogy would be as if you tried to make pasta : you take the pot, want to put water in it but postpone it, then, expecting water that isn't there (since you postponed it), you put it on the stove. Something is not going to go right.

Anyways, this exploit took a few days of spamming the testnet. This is an extreme case, nobody will create that many smts at that rate in the real world.

Basically, by my calculations it took about 57 600 smt creations with emission to crash the testnet, which would cost a ton for an attacker to exploit (smts have a cost of 1 sbd currently, but it might very well be 10 or 100 sbd).

Real world threat

But this is where this attack can be done much cheaper and much quicker : the problematic part is the emission, not the creation of smts. FYI, you cannot add an emission more than once per block per smt.

If it took me two days with 10 emissions per block, it means that if I create 10 smts and emit 10 times per block, without creating more smts, the chain will crash all the same, but at a much lower cost.

But wait, there is more ! What if I create 100 smts and then emit 100 times per block ? Then the two days is now 5 hours. You get the idea.

And emission is just one of the automated actions, there are probably ways to do this even faster/cheaper.
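
A toy model of the failure described above, as an added example that is not the author's test code or Steem's implementation: emission schedules accumulate, each one produces one automated action per block, and a strict chain fails on the first block where the cap postpones an action it later assumes ran. The cap value, all names and the admission guard are assumptions made for illustration.

```python
# Toy model (added example). Names and constants are assumptions, not Steem's.
MAX_ACTIONS_PER_BLOCK = 1000   # assumed cap; the post does not give the real value


class MissingAction(Exception):
    """Raised when the chain looks up an action that was postponed."""


def apply_block(block, schedules, strict):
    """Run the automated actions due in one block; return how many were postponed."""
    due = [(block, s) for s in range(schedules)]   # one emission per schedule
    executed = set(due[:MAX_ACTIONS_PER_BLOCK])    # the cap cuts the rest off
    if strict:
        # Faulty assumption: every due action was executed in this block.
        for action in due:
            if action not in executed:
                raise MissingAction(f"block {block}: action {action} not found")
    return len(due) - len(executed)


def first_failing_block(added_per_block, blocks):
    """First block at which the strict chain fails as schedules accumulate."""
    schedules = 0
    for block in range(1, blocks + 1):
        schedules += added_per_block
        try:
            apply_block(block, schedules, strict=True)
        except MissingAction:
            return block
    return None


def run_with_admission(added_per_block, blocks):
    """Same load, but a schedule is rejected at creation once a block would overflow.

    This guard is one possible mitigation, not the fix that was shipped.
    """
    schedules = rejected = postponed = 0
    for block in range(1, blocks + 1):
        for _ in range(added_per_block):
            if schedules < MAX_ACTIONS_PER_BLOCK:
                schedules += 1
            else:
                rejected += 1
        postponed += apply_block(block, schedules, strict=True)
    return schedules, rejected, postponed
```

In this model, ten times the schedules per block reaches the cap in roughly a tenth of the blocks, which is the same linear scaling as the two days versus 5 hours estimate.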

Good thing we caught this one in the testing phase :)

As always you can see the code that I use for my test cases here : https://github.com/drov0/hf23-testing/

Please consider voting for my proposal and for steempress as witness

The reason I'm able to do this work and allocate time to it is thanks to the funds from the sps, but I am not too far from not getting funding again. Please consider voting on it or unvoting the return proposal : https://steemproposals.com/proposal/50

And finally, I am also doing this as part of the witness @steempress. If you like what I'm doing, please consider voting on it as well. Every bit counts ! It will take you but a few minutes but will greatly help me test the network, and the more we test, the more steemit and the witnesses will feel confident enough to launch on the main net.


Comments
  • @sidsun

    Now what happens next?

  • @mattsanthonyit

    Wow. Great work

  • @crokkon

    Great find! Is there a limit implemented on how many smts you can create per block for each account, like for votes, comments, etc?

  • @jarvie

    Nicely done.

  • @midlet

    Nice! One less post HF disaster :)

  • @sepracore

    Is it your understanding that this is an easy fix for the Steemit team? Or do you feel like this could take some time to sort out?

  • @novacadian

    ... please consider voting on it or unvoting the return proposal ...

    Done and witness voted having had 3 open up with retirements. Nice work with the debugging!