Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(rln): nullifierlog vulnerability #2855

Merged
merged 5 commits into from
Jun 28, 2024
Merged

Conversation

alrevuelta
Copy link
Contributor

@alrevuelta alrevuelta commented Jun 27, 2024

  • Fixes bug in nullifierLog. Now instead of counting elements in the table and removing when > epochGap, we ensure that they correspond to the current epoch +- epochGap. Anything than that we remove. This protects the node from messages arriving out-of-order.
  • Fixes bug in validateMessageAndUpdateLog. The nullifierLog table was updated with new epochs no matter if the message was rate-limited or not, and no matter if the message even contained a valid proof. This allowed an attacker to attack the nullifierLog table, that in conjunction with the previous bug caused rate-limited messages to be accepted. The attacker at no cost could fill the table with unused epochs, bypassing the rate-limit protection.

@alrevuelta alrevuelta changed the base branch from master to release/v0.30 June 27, 2024 11:59

var epochsToClear = rlnPeer.nullifierLog.keys().toSeq()
epochsToClear.sort(compareKeys)
epochsToClear = epochsToClear[0 ..< countToClear]
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as it is, it should work fine now.

however I'm having second thought about cleaning the nullifierlog this way. it has some implicit knowledge that can be error prone.

perhaps a better way could be. which epoch are we at? x? well, remove everything in the table that is beyond x-epochGap.

Copy link
Contributor

@rymnc rymnc Jun 27, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i like this idea, O(n) vs O(nlogn) not that it matters though because the nullifierLog will be small :)

# dirty should never happen
return pubsub.ValidationResult.Reject
# insert the message to the log (never errors)
discard wakuRlnRelay.updateLog(msgProof.epoch, proofMetadataRes.get())
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the key here is that we shouldn't update the nullifierlog if the message is wrong (eg proof is invalid). otherwise anyone can "DoS" the nullifieerLog, forcing cleanups and making it useless.

@@ -280,7 +280,7 @@ proc validateMessageAndUpdateLog*(
return MessageValidationResult.Invalid

# insert the message to the log (never errors)
discard rlnPeer.updateLog(msgProof.epoch, proofMetadataRes.get())
#discard rlnPeer.updateLog(msgProof.epoch, proofMetadataRes.get())
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this function is called even in invalid messages. see other comment.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

or maybe a better way use isValidMessage here and only updateLog if valid.

@alrevuelta alrevuelta changed the title Fix nullifierlog vulnerability fix(rln): nullifierlog vulnerability Jun 27, 2024
Copy link

github-actions bot commented Jun 27, 2024

You can find the image built from this PR at

quay.io/wakuorg/nwaku-pr:2855

Built from 8863572

Copy link
Contributor

@rymnc rymnc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@alrevuelta alrevuelta merged commit dad054d into release/v0.30 Jun 28, 2024
11 of 12 checks passed
@alrevuelta alrevuelta deleted the fix-nullifierlog branch June 28, 2024 07:25
Ivansete-status added a commit that referenced this pull request Jul 2, 2024
* CHANGELOG.md add info for v0.30.0
* fix(rln-relay): clear nullifier log only if length is over max epoch gap (#2836)
* chore: add TWN parameters for RLNv2 (#2843)
* fix(rln): nullifierlog vulnerability (#2855)
* chore(rln-relay): add chain-id flag to wakunode and restrict usage if mismatches rpc provider (#2858)

---------

Co-authored-by: Aaryamann Challani <43716372+rymnc@users.noreply.github.com>
Co-authored-by: Alvaro Revuelta <alvrevuelta@gmail.com>
Ivansete-status added a commit that referenced this pull request Jul 2, 2024
chore: Update master from release v0.30 (#2866)

* CHANGELOG.md add info for v0.30.0
* fix(rln-relay): clear nullifier log only if length is over max epoch gap (#2836)
* chore: add TWN parameters for RLNv2 (#2843)
* fix(rln): nullifierlog vulnerability (#2855)
* chore(rln-relay): add chain-id flag to wakunode and restrict usage if mismatches rpc provider (#2858)
    
---------

Co-authored-by: Aaryamann Challani <43716372+rymnc@users.noreply.github.com>
Co-authored-by: Alvaro Revuelta <alvrevuelta@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants