This repository has been archived by the owner on Feb 9, 2021. It is now read-only.
Potential DoS Issue with Update Proposals #764
Labels
audit
byron
Required for a Byron mainnet: replace the old core nodes with cardano-node.
discussion
A topic that needs to be discussed
ledger-spec
Issues related to the formal specification of the ledger
Comments
dcoutts
added
audit
ledger-spec
Yes.
In the current code, if both would be selected from the mempool at once, then the last one wins (in mempool order). |
dcoutts
added
byron
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Protocol version update proposals can either increase the protocol major version or protocol minor version, and are free to choose an Alt version (to differentiate proposals increasing the same version). The Alt version is a Word8.
This could lead to a potential DoS issue where, if an attacker can submit 256 update proposals (one per each Alt version) increasing the protocol minor version by 1 and 256 update proposals increasing the protocol major version, this would block any other update proposals from being registered for the lifetime of those proposals. Afterwards, the attacker could submit new proposals to continue blocking.
In order to carry this out the attacker would need a genesis key (or be delegated to by a genesis key), and be able to submit 512 update proposals one after another, without leaving any slots open for a legitimate proposal.
From the cardano-ledger code, it looks like a single block can only contain one update proposal in its body, and it has to be included there by the node minting said block. When multiple genesis keys emit an update proposal message, how does the node minting the block choose which proposal, if any, to include in the block?
The text was updated successfully, but these errors were encountered: