[bitcoin-dev] Full Disclosure: Denial of Service in STONEWALLx2 (p2p coinjoin)

alicexbt alicexbt at protonmail.com
Sat Sep 10 10:20:48 UTC 2022


This has been assigned CVE-2022-35913: https://www.cve.org/CVERecord?id=CVE-2022-35913

/dev/fd0


------- Original Message -------
On Thursday, July 14th, 2022 at 9:25 AM, alicexbt via bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org> wrote:


> Hi bitcoin-dev list members,
> 
> 
> STONEWALLx2[1] is a p2p coinjoin transaction in Samourai wallet. The miner fee is split between both participants of the transaction.
> 
> 
> ==========================
> Problem
> ==========================
> 
> Antoine Riard shared the details of the DoS attack in an [email][2] on 21 June 2022.
> 
> Proof of Concept:
> 
> 1) Download the Samourai APK, create a testnet wallet, get some coins from a faucet and claim a paynym on 2 Android devices. Consider Bob and Carol are using these devices.
> 
> 2) Bob and Carol follow each other's paynyms. Carol is the attacker in this case and she could make several paynyms.
> 
> 3) Bob initiates a Stonewallx2 transaction that requires collaboration with Carol.
> 
> 4) Carol confirms this request in the app.
> 
> 5) Carol spends the UTXO from a wallet configured in Electrum with the same seed before Bob could complete the last step and broadcast the STONEWALLx2 transaction. It was a non-RBF [transaction][3] with a 1 sat/vbyte fee rate and was unconfirmed during testing.
> 
> 6) Bob receives an [error][4] in the app when trying to broadcast the Stonewallx2 transaction which disappears in a few seconds. The [progress bar][5] appears as if the wallet is still trying to broadcast the transaction until Bob manually goes back or closes the app.
> 
> 
> ==========================
> Solution
> ==========================
> 
> Suggestions:
> 
> a) An error message that states the collaborator spent her UTXO used in STONEWALLx2, end the p2p coinjoin process, unfollow the collaborator's paynym and suggest that the user do such transactions with trusted users only for a while.
> 
> b) Once full RBF is used by some nodes and miners, attacker's transaction could be replaced with a higher fee rate.
> 
> Conclusions by Samourai:
> 
> a) As the threat involves the collaborator attacking the spender, we strongly advise that collab spends be done w/ counterparties with which some measure of trust is shared. As such, this does not seem to have an important threat surface.
> 
> b) Bumping fee won't be simple as fees are shared 50/50 for STONEWALLx2 spends. Change would have to be recalculated for both spender and collaborator. Collab would either have had already authorized a possible fee bump beforehand or would have to be prompted before broadcast.
> 
> 
> ==========================
> Timeline
> ==========================
> 
> 22 June 2022: I emailed Antoine after testing STONEWALLx2
> 
> 23 June 2022: I shared the details of attack in a confidential issue in Samourai wallet [repository][6]
> 
> 07 July 2022: TDevD (Samourai) acknowledged the issue and wanted to discuss it internally with team
> 
> 14 July 2022: TDevD shared the conclusions
> 
> 
> ==========================
> Credits
> ==========================
> 
> Antoine Riard discovered the DoS vector in p2p coinjoin transactions and helped by responding to emails during testing.
> 
> 
> [1]: https://docs.samourai.io/spend-tools
> [2]: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-June/020595.html
> [3]: https://mempool.space/testnet/tx/42db696460a46f196f457779d60acbf46b31accc5414b9eac54b2e785d4c1cbb
> [4]: https://i.imgur.com/6uf3VJn.png
> [5]: https://i.imgur.com/W6ITl4G.gif
> [6]: https://code.samourai.io/wallet/samourai-wallet-android
> 
> 
> /dev/fd0
> 
> 


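An added example, not part of the original post and not Samourai's code: a pre-broadcast check in the spirit of suggestion (a), which reports whose input was already spent and marks the session as finished so the UI does not keep showing the progress bar from step 6. The names `TxInput`, `Verdict`, `precheck` and the two backend views (`chain_utxos`, `mempool_spends`) are hypothetical, and the txids are constructed placeholders.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class TxInput:
    outpoint: tuple   # (txid, vout)
    owner: str        # "spender" or "collaborator"

@dataclass(frozen=True)
class Verdict:
    ok: bool          # True: inputs look spendable, go ahead and broadcast
    terminal: bool    # True: end the session instead of retrying
    blamed: tuple     # owners whose inputs conflict
    message: str      # text for the error dialog

def precheck(inputs, chain_utxos, mempool_spends):
    """Classify a cosigned transaction before broadcast.

    chain_utxos: set of outpoints unspent on chain.
    mempool_spends: {outpoint: txid of the unconfirmed tx spending it}.
    Both are assumed to come from the wallet's backend (hypothetical).
    """
    conflicts = []
    for txin in inputs:
        if txin.outpoint in mempool_spends:
            conflicts.append((txin, "unconfirmed tx " + mempool_spends[txin.outpoint]))
        elif txin.outpoint not in chain_utxos:
            conflicts.append((txin, "a confirmed tx"))
    if not conflicts:
        return Verdict(True, False, (), "all inputs unspent")
    blamed = tuple(sorted({t.owner for t, _ in conflicts}))
    detail = "; ".join(
        f"{t.owner} input {t.outpoint[0][:8]}:{t.outpoint[1]} spent by {why}"
        for t, why in conflicts)
    return Verdict(False, True, blamed, "STONEWALLx2 cancelled: " + detail)

# Constructed sample data: placeholder txids, not real transactions.
BOB = TxInput(("b0" * 32, 0), "spender")
CAROL = TxInput(("ca" * 32, 1), "collaborator")
UTXOS = {BOB.outpoint, CAROL.outpoint}

def demo():
    clean = precheck([BOB, CAROL], UTXOS, {})
    raced = precheck([BOB, CAROL], UTXOS, {CAROL.outpoint: "ee" * 32})
    return clean, raced

if __name__ == "__main__":
    for verdict in demo():
        print(verdict.message)
```
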