The smart contract platform Near Protocol contained a weird vulnerability that could have allowed an attacker to crash every node on the network, effectively shutting it down.

According to a Sept. 26 report from blockchain security firm Zellic, which discovered it, the vulnerability was quietly eliminated through a patch in January, but some networks may still contain similar flaws.

In the report, Zellic referred to the flaw as a “Web3 Ping of Death” due to its ability to bring down an entire network “in an instant.”

Researchers discovered it while investigating Near’s peer-to-peer networking protocol for validator nodes, which allows its validators to communicate effectively with each other.

Nodes on the network communicate and authenticate each other via a “handshake” containing one of two types of signatures, Ed25519 and SECP256K1.

While verifying the signature for Ed25519 worked fine, verifying SECP256K1 signatures resulted in a “panic” response that crashed the node.


A diagram of a peer-to-peer connection established between two peers. Source: Zellic

Having discovered this flaw, the researchers were surprised that it had neither been caught in earlier testing nor already crashed the network.

The reason was more good luck than good management. It turns out that Near node software has “no code path that allows a Near node to generate SECP256K1 type keys.” In other words, the software allowed nodes to accept SECP256K1 signatures but didn’t allow them to produce such signatures.

As a result, no node had ever accidentally crashed the network by creating SECP256K1 keys and attempting to connect to another node.

Even so, a malicious node could alter the software to allow SECP256K1 keys to be generated. Once they did, they would have the power to crash any Near node simply by attempting to connect to it. The result could take down the entire network, constituting a “Web3 Ping of Death.”
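The failure mode described above, sketched as an added Rust example that is not Near's or Zellic's code: a handshake verifier whose rarely used branch panics on peer-supplied input, its hardened form, and a regression check that exercises every accepted signature type. The article does not give the cause of the panic, so the out-of-bounds read in `verify_fragile`, the 64/65-byte lengths, the stub check and all names are assumptions.

```rust
use std::panic;

// Signature types accepted in the handshake, as named in the article.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum KeyType { Ed25519, Secp256k1 }

// Constructed handshake carrying only the fields this example needs.
pub struct Handshake { pub key_type: KeyType, pub signature: Vec<u8> }

#[derive(Debug, PartialEq)]
pub enum HandshakeError { BadLength, BadSignature }

// Placeholder check: performs no cryptography, it only stands in for a verifier.
fn stub_verify(sig: &[u8]) -> bool { sig.iter().any(|b| *b != 0) }

// Fragile form: the rarely used branch trusts the peer's input and can panic.
pub fn verify_fragile(h: &Handshake) -> bool {
    match h.key_type {
        KeyType::Ed25519 => h.signature.len() == 64 && stub_verify(&h.signature),
        KeyType::Secp256k1 => {
            let recovery_id = h.signature[64]; // constructed bug: panics on short input
            recovery_id < 4 && stub_verify(&h.signature[..64])
        }
    }
}

// Hardened form: every malformed input becomes an error that rejects the peer.
pub fn verify_hardened(h: &Handshake) -> Result<(), HandshakeError> {
    let expected = match h.key_type { KeyType::Ed25519 => 64, KeyType::Secp256k1 => 65 };
    if h.signature.len() != expected { return Err(HandshakeError::BadLength); }
    let ok = match h.key_type {
        KeyType::Ed25519 => stub_verify(&h.signature),
        KeyType::Secp256k1 => h.signature[64] < 4 && stub_verify(&h.signature[..64]),
    };
    if ok { Ok(()) } else { Err(HandshakeError::BadSignature) }
}

// Regression check: report which key types unwind on a malformed signature.
pub fn panicking_key_types(verify: fn(&Handshake) -> bool) -> Vec<KeyType> {
    [KeyType::Ed25519, KeyType::Secp256k1].iter().copied().filter(|kt| {
        let h = Handshake { key_type: *kt, signature: vec![0u8; 3] }; // constructed input
        panic::catch_unwind(panic::AssertUnwindSafe(|| verify(&h))).is_err()
    }).collect()
}

fn main() {
    println!("fragile:  {:?}", panicking_key_types(verify_fragile));
    println!("hardened: {:?}", panicking_key_types(|h| verify_hardened(h).is_ok()));
}
```

A check like `panicking_key_types` covers the gap the article describes: a signature type the software accepts but never produces is only exercised if a test constructs it deliberately.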

To prove that the vulnerability was real, the researchers first created a version of the Near software containing a malicious patch that allowed SECP256K1 keys to be generated.

Error-throwing function vulnerability in Near. Source: Zellic

They then launched two nodes on a private testnet version of Near. The first node ran the legitimate software provided by developers, while the second ran the malicious version.

After the first node began producing blocks, the second node attempted to crash the first one by exploiting the two vulnerabilities. They found that the malicious node succeeded at crashing the legitimate one every time.


Zellic privately disclosed the vulnerability to the Near team in December, using HackenProof’s bug bounty platform to facilitate the disclosure. In response, the team paid Zellic a $150,000 reward and patched the node software in January.

The discovery of the vulnerability provided a happy ending to what otherwise could have been a story of crisis.

Other blockchains have not been lucky enough to avoid flaws that resulted in crashes. In December, the Arbitrum network went down for over 78 minutes, preventing users from making any transactions.

Developers later revealed that this downtime was caused by a surge of inscription minting, which the network was inadequately prepared to handle.

According to developers, in January, around 50% of Cardano nodes went down due to an “anomaly.” The disruption caused block production to slow, giving rise to longer transaction confirmation times. However, it did not cause the entire network to go down.

In February, the Solana network failed to produce a block for over 25 minutes. This was the latest of several Solana crashes, which some users have heavily criticized.
