Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check the value assertion only on valid amounts #1134

Merged
merged 1 commit into from
Aug 8, 2022
Merged

Check the value assertion only on valid amounts #1134

merged 1 commit into from
Aug 8, 2022

Conversation

sanket1729
Copy link
Member

@sanket1729 sanket1729 commented Aug 8, 2022
edited by psgreco
Loading

Fixes #1125
This causes crash on elements wallet when dealing with transactions that
have explicit values and confidential assets. This creates a somewhat
serious DoS attack as the sender can cause the reciever's wallet to
crash by partially blinding the change output. To make matters worse,
the wallet initially accepts the transaction, but fails while spending
the output.

This is likely caused by a combination of two bugs:

  1. The wallet's current behaviour stores the complete transaction of interest
    in CWalletTx instead of just Outpoints. Only that the spend time do we
    iterate over all outputs, try to unblind them and check which are
    isMine. When calling wtx.GetOutputValueOut() or similar calls, we hit this assertion.

While the current behaviour is okay, I think the correct way is move
the IsMine == ISMINE_NO at the start of the loop. We should not do be
any checks on outputs that are not ours. This is used in multiple
places at different parts of the codebase for different RPCs.

  1. When dealing with partially blinded trasactions, ComputeBlindingData
    correctly sets value = -1, and the cache byte to 1. When getting the
    data again with GetBlindingData for explicit value and confidential
    asset, we load the precomputed data with value = -1 and assert the
    loaded value be the explicit value in the transaction. This is only true
    for explicit value and explicit asset.

The changed assertion checks that written value should be same as the
explicit value that was written only when the amounts are valid

@sanket1729
Check the value assetion only on valid amounts
53a75eb 
This causes crash on elements wallet when dealing with transactions that
have explicit values and confidential assets. This creates a somewhat
serious DoS attack as the sender can cause the reciever's wallet to
crash by partially blinding the change output. To make matters worse,
the wallet initially accepts the transaction, but fails while spending
the output.

This is likely caused by a combination of two bugs:
1) The wallet's current behaviour stores the complete transaction of interest
in CWalletTx instead of just Outpoints. Only that the spend time do we
iterate over all outputs, try to unblind them and check which are
isMine. When calling wtx.GetOutputValueOut() or similar calls, we hit this assertion.

While the current behaviour is okay, I think the correct way is move
the IsMine == ISMINE_NO at the start of the loop. We should not do be
any checks on outputs that are not ours. This is used in multiple
places at different parts of the codebase for different RPCs.

2) When dealing with partially blinded trasactions, ComputeBlindingData
correctly sets value = -1, and the cache byte to 1. When getting the
data again with GetBlindingData for explicit value and confidential
asset, we load the precomputed data with value = -1 and assert the
loaded value be the explicit value in the transaction. This is only true
for explicit value and explicit asset.

The changed assertion checks that written value should be same as the
explicit value that was written only when the amounts are valid
@delta1 delta1 changed the title Check the value assetion only on valid amounts Check the value assertion only on valid amounts Aug 8, 2022
apoelstra
apoelstra approved these changes Aug 8, 2022
View reviewed changes
Copy link
Member

@apoelstra apoelstra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 53a75eb

@gwillen gwillen merged commit 426679e into ElementsProject:master Aug 8, 2022
@gwillen gwillen mentioned this pull request Aug 8, 2022
Merged
psgreco added a commit that referenced this pull request Aug 8, 2022
@psgreco
Merge pull request #1135 from gwillen/release-backports-22
9ee071f 
[elements-22.x] Backport #1134: Check the value assertion only on valid amounts
@gwillen gwillen mentioned this pull request Aug 9, 2022
Merged
This was referenced Dec 5, 2022
Closed
Open
gwillen added a commit to gwillen/elements that referenced this pull request Mar 2, 2023
@gwillen
Merge 426679e into merged_master (Elements PR ElementsProject#1134)
98e863f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@apoelstra apoelstra apoelstra approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Elementsd wallet crash when dealing with blinded assets, but with explicit values.
3 participants
@sanket1729 @apoelstra @gwillen