Medium severity vulnerability sucessfully patched in Grin v3.0.0 - Public disclosure of CVE-2020-6638

lehnberg · January 20, 2020, 11:27pm

As part of last week’s network-wide upgrade to 3.0.0 a consensus breaking patch was rolled out that fixes a security vulnerability of medium severity where malleable blocks can be produced to force a chain split.

There has been no indication of the vulnerability ever having been exploited. Attacks to target users following a successful chain split would have been exceptionally difficult to pull off in practice. After the release of 3.0.0, users are not vulnerable, and no further action is required.

This has been assigned CVE-2020-6638, and the details of the issue and the corresponding fix has just been published to our /grin-security github repo: https://github.com/mimblewimble/grin-security/blob/master/CVEs/CVE-2020-6638.md

mcm-mike · January 21, 2020, 1:28pm

@lehnberg thank you for the update.
So for my understanding there is no need to deploy this patch to the https://github.com/mimblewimble/grin/tree/current/3.0.x branch?

I am asking because all my public high available nodes are running on this branch?

tromp · January 21, 2020, 1:54pm

That branch (like all version 3 branches) includes the patch, as can be seen at

github.com

mimblewimble/grin/blob/6e5afe496b201a1a5df4f42c62cd5fe1bdc24c6b/chain/src/types.rs#L237-L247


	/// The root of our output PMMR. The rules here are block height specific.
	/// We use the merged root here for header version 3 and later.
	/// We assume the header version is consistent with the block height, validated
	/// as part of pipe::validate_header().
	pub fn root(&self, header: &BlockHeader) -> Hash {
		if header.version < HeaderVersion(3) {
			self.output_root()
		} else {
			self.merged_root(header)
		}
	}

mcm-mike · January 21, 2020, 2:09pm

Thank you @tromp for clarifying.
I just got a bit confused about the commit message on the 3x branches.

antioch · February 20, 2020, 4:08pm

Just to follow up on this. A link to the initial question on gitter chat was included in the vulnerability writeup but credit/attribution for this was not particularly clear.

Thanks @devrandom for asking what at first glance appeared to be a simple question on an implementation detail.

This was then followed up with a more specific point related to the original question. This turned out to very concisely describe the underlying problem behind the vulnerability.