Skip to content

Vega's validators able to submit duplicate transactions

Moderate severity GitHub Reviewed Published Jun 20, 2023 in vegaprotocol/vega • Updated Nov 7, 2023

Package

gomod code.vegaprotocol.io/vega (Go)

Affected versions

< 0.71.6

Patched versions

0.71.6

Description

A vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For example, a deposit to the collateral bridge for 100USDT that credits a party’s general account on Vega, can be re-processed 50 times resulting in 5000USDT in that party’s general account. This is without depositing any more than the original 100USDT on the bridge.

Despite this exploit requiring access to a validator's Vega key, a validator key can be obtained at the small cost of 3000VEGA, the amount needed to announce a new node onto the network.

The steps to carry out this exploit are as follows:

  1. Cause an Ethereum event on one of the bridge contracts e.g a deposit to the collateral bridge, or the staking bridge
  2. This will result in the Ethereum-event-forwarder of each node to submit a ChainEvent transaction to the Vega network corresponding to that event
  3. Scrape the valid chain event transaction from the Tendermint block data using a node’s Tendermint API
  4. Change the value of the txId field of the ChainEvent to any valid, but different, value
  5. Bundle the tweaked ChainEvent into a new transaction, sign it with a validator key and resubmit to the Vega network
  6. The fraudulent ChainEvent will be processed by Vega as if it were a new ChainEvent even though it did not occur on Ethereum

The key to this exploit is in step 4. The txId field of the ChainEvent is used when checking for ChainEvent resubmission, but NOT during the subsequent on-chain verification of the event. Therefore changing the txId of an existing ChainEvent is enough to by-pass the duplication check and for it to still be verified as a real event.

Impact

The impact of this exploit is dependent on the ChainEvent being manipulated. The below table describes each one:

Chain Event Allows Consequence
Deposit Generation of unlimited funds of any asset Withdrawal of all assets
Stake Deposit Delegate unlimited Vega to a single node A single node has controlling amount of voting power
Stake Removed Force a Validator node to drop below self-stake requirements Prevents reward payouts
Bridge Stop The Vega network to think the bridge is stopped Prevent anyone from withdrawing funds
Signer Removed The Vega network to think a validator nodes is not on the multisig contract Prevent reward payouts

Patches

v0.71.6

Workarounds

No work around known, however there are mitigations in place should this vulnerability be exploited:

  • there are monitoring alerts, for mainnet1, in place to identify any issues of this nature including this vulnerability being exploited
  • the validators have the ability to stop the bridge thus stopping any withdrawals should this vulnerability be exploited

References

N/A

References

@jeremyletang jeremyletang published to vegaprotocol/vega Jun 20, 2023
Published to the GitHub Advisory Database Jun 20, 2023
Reviewed Jun 20, 2023
Published by the National Vulnerability Database Jun 23, 2023
Last updated Nov 7, 2023

Severity

Moderate

CVSS overall score

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS).
/ 10

CVSS v3 base metrics

Attack vector
Physical
Attack complexity
High
Privileges required
High
User interaction
Required
Scope
Changed
Confidentiality
High
Integrity
Low
Availability
Low

CVSS v3 base metrics

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.
Attack complexity: More severe for the least complex attacks.
Privileges required: More severe if no privileges are required.
User interaction: More severe when no user interaction is required.
Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.
Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.
Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.
Availability: More severe when the loss of impacted component availability is highest.
CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:L

EPSS score

0.063%
(29th percentile)

Weaknesses

CVE ID

CVE-2023-35163

GHSA ID

GHSA-8rc9-vxjh-qjf2

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.