Impact
Connecting to a bad peer that claims to be catching up (the peer is in consensus, but has fallen behind and is attempting to catch up) can, under certain circumstances, degrade the performance of the node that is gossiping the catch-up data.
When the source node of catch-up data fails to gossip this information, it immediately retries, resulting in a "hot loop" of send attempts, spiking CPU usage and degrading node performance.
While this behavior has been seen on some production networks, it is unclear whether it is the result of malicious intent or simply misconfiguration of the "bad" peers (more likely the latter). We have also not yet been able to reliably reproduce the attacker's behavior, so the attack vector is currently theoretical.
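The retry behavior described above, as an added example that is not Tendermint Core's code: a send loop that retries immediately after a failed send, next to the same loop with a pause between attempts. The `peer` interface, `stalledPeer`, `healthyPeer`, `gossipCatchup` and the 10 ms pause are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"time"
)

// peer is a hypothetical stand-in for a connection to a catching-up peer;
// it is not Tendermint's own peer type.
type peer interface {
	TrySend(msg []byte) bool // false means the message was not queued
}

// stalledPeer models the "bad" peer: every send attempt fails.
type stalledPeer struct{}

func (stalledPeer) TrySend([]byte) bool { return false }

// healthyPeer accepts every message on the first attempt.
type healthyPeer struct{}

func (healthyPeer) TrySend([]byte) bool { return true }

// gossipCatchup tries to deliver one catch-up message for at most window.
// retryPause == 0 retries immediately after a failed send (the hot loop);
// retryPause > 0 sleeps between attempts, bounding the retry rate.
func gossipCatchup(p peer, msg []byte, window, retryPause time.Duration) (attempts int, sent bool) {
	deadline := time.Now().Add(window)
	for time.Now().Before(deadline) {
		attempts++
		if p.TrySend(msg) {
			return attempts, true
		}
		if retryPause > 0 {
			time.Sleep(retryPause)
		}
	}
	return attempts, false
}

func main() {
	msg := []byte("block part") // constructed payload
	window := 50 * time.Millisecond
	hot, _ := gossipCatchup(stalledPeer{}, msg, window, 0)
	paused, _ := gossipCatchup(stalledPeer{}, msg, window, 10*time.Millisecond)
	fmt.Printf("send attempts in %v: immediate retry=%d, 10ms pause=%d\n", window, hot, paused)
}
```

With no pause, the attempt count is limited only by how fast one core can spin, which is the CPU spike operators see; with a pause, it is limited by the window divided by the pause.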
Patches
It is unclear to what degree the upstream Tendermint Core repository is maintained (see this notice in the README file and this issue), so we recommend upgrading to Informal Systems' public fork of Tendermint Core, v0.34.25, as soon as possible to help mitigate this kind of attack.
Workarounds
Operators can attempt to find the node IDs of the bad peers and then block access to their IP addresses as a short-term workaround.
References
#4