Skip to content

Fix potential DoS vector for masternode payments #2071

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 26, 2018
Merged

Fix potential DoS vector for masternode payments #2071

merged 2 commits into from
May 26, 2018

Conversation

@UdjinM6
Copy link

@UdjinM6 UdjinM6 commented May 7, 2018
edited
Loading

A less invasive alternative (logic-wise) to #2070

@UdjinM6 UdjinM6 added this to the 12.3 milestone May 7, 2018
@UdjinM6 UdjinM6 mentioned this pull request May 7, 2018
Closed
sidhujag
sidhujag reviewed May 8, 2018
View reviewed changes
src/masternode-payments.cpp
// Avoid processing same vote multiple times
if(!res.second) {
// Avoid processing same vote multiple times if it was already verified earlier
if(!res.second && res.first->second.IsVerified()) {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesn't actually solve the problem. If an attacker uses a bad signature it will pass and add to mapMasternodePaymentVotes yet vchsig will be non-empty and this check is just a NOP. Don't you need to move this under the sig check like I did in my initial PR?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ahh I see so vchsig will be cleared anyway and this will basically reprocess if it was a bad vote that was stored and for a good vote vchsig would have been filled later so it returns right away, makes sense thanks!

@UdjinM6 UdjinM6 added the bug label May 10, 2018
@UdjinM6 UdjinM6 requested a review from codablock May 19, 2018 07:00
codablock
codablock approved these changes May 20, 2018
View reviewed changes
Copy link

@codablock codablock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK

@UdjinM6 UdjinM6 merged commit cf71f57 into dashpay:develop May 26, 2018
Yoyae pushed a commit to monacocoin-net/monoeci-core that referenced this pull request May 28, 2018
@UdjinM6 @Yoyae
Fix potential DoS vector for masternode payments (dashpay#2071)
13e0d8b 
* Skip only already verified mn payments vote duplicates

* Update mn payment vote stats only if mn payment vote sig is ok
andvgal pushed a commit to energicryptocurrency/gen2-energi that referenced this pull request Jan 6, 2019
@UdjinM6 @andvgal
Fix potential DoS vector for masternode payments (dashpay#2071)
66b3a52 
* Skip only already verified mn payments vote duplicates

* Update mn payment vote stats only if mn payment vote sig is ok
CryptoCentric pushed a commit to absolute-community/absolute that referenced this pull request Mar 1, 2019
@UdjinM6 @CryptoCentric
Fix potential DoS vector for masternode payments (dashpay#2071)
04972d6 
* Skip only already verified mn payments vote duplicates

* Update mn payment vote stats only if mn payment vote sig is ok
@UdjinM6 UdjinM6 deleted the fixmnpaymentvotes branch November 26, 2020 13:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@sidhujag sidhujag sidhujag left review comments

@codablock codablock codablock approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

bug

Projects

None yet

Milestone

12.3

Development

Successfully merging this pull request may close these issues.

3 participants

@UdjinM6 @codablock @sidhujag