[crash/fuzzing] DoS/infinite processing during block ssz parsing
pventuzelo opened this issue · 0 comments
pventuzelo commented
Description
During fuzzing with the new version (under development) of beacon-fuzz, I found a bug leading to a Denial of Service (DoS) of teku.
More specifically, an "infinite processing" triggered using teku transition blocks.
Based on other eth2 clients' errors, the bug seems to be an out-of-bound issue not detected during Teku Block SSZ parsing:
- lighthouse: Ssz decode failed: OutOfBoundsByte { i: 0 }
- nim: SszSizeMismatchError
Steps to Reproduce (Bug)
- Download: infinite_process_ssz_teku.zip
- Crash:

```sh
# install
./gradlew distTar installDist
# go to build folder
cd build/install/
# Run teku
bin/teku transition blocks --pre=infinite_process_ssz_state_teku.ssz --network=mainnet infinite_process_ssz_block_teku.ssz
# PROCESS NEVER STOP...
```
Versions
- Github branch: master
- Github commit: 1cc3466
- Java version: openjdk version "11.0.7" 2020-04-14
- OS Name & Version: Ubuntu 18.04.4 LTS
- Kernel Version: 4.15.0-96-generic
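The failure class the report describes (an SSZ offset or length that other clients reject as out of bounds or size-mismatched, but that is not caught before processing) is illustrated below with a minimal SSZ container decoder that validates every offset before slicing. This is an added example written for this page, not Teku's or beacon-fuzz's code; the schema, field names and byte samples are constructed for illustration.

```python
import struct

OFFSET_SIZE = 4  # SSZ variable-size fields are referenced by 4-byte LE offsets

class SszDecodeError(ValueError):
    """Malformed input is rejected instead of being read out of bounds."""

def decode_container(data: bytes, schema):
    """Decode a simplified SSZ container into {name: raw_bytes}. schema is a list of
    (name, fixed_size); None marks a variable-size field stored as an offset."""
    fixed_len = sum(OFFSET_SIZE if size is None else size for _, size in schema)
    if len(data) < fixed_len:
        raise SszDecodeError(f"data too short: {len(data)} < fixed part {fixed_len}")
    fields, var_fields, pos = {}, [], 0
    for name, size in schema:
        if size is None:
            (off,) = struct.unpack_from("<I", data, pos)
            var_fields.append((name, off))
            pos += OFFSET_SIZE
        else:
            fields[name] = data[pos:pos + size]
            pos += size
    # Spec invariants, checked before any slicing: first offset == fixed part length,
    # offsets non-decreasing, none beyond the buffer (the lighthouse/nim errors above).
    prev = fixed_len
    for i, (name, off) in enumerate(var_fields):
        if (i == 0 and off != fixed_len) or off < prev or off > len(data):
            raise SszDecodeError(f"bad offset {off} for field {name!r}")
        prev = off
    bounds = [off for _, off in var_fields] + [len(data)]
    for i, (name, _) in enumerate(var_fields):
        fields[name] = data[bounds[i]:bounds[i + 1]]
    return fields

def decode_uint64_list(raw: bytes):
    """Decode List[uint64]; a length that is not a multiple of 8 is a size mismatch."""
    if len(raw) % 8:
        raise SszDecodeError(f"uint64 list length {len(raw)} is not a multiple of 8")
    return list(struct.unpack(f"<{len(raw) // 8}Q", raw))

def rejects(data: bytes, schema) -> bool:
    """True if the decoder refuses `data` (used on the malformed samples below)."""
    try:
        decode_container(data, schema)
        return False
    except SszDecodeError:
        return True

# Constructed samples (not the real Teku inputs): slot, then two variable fields.
SCHEMA = [("slot", 8), ("body", None), ("values", None)]
GOOD = struct.pack("<QII", 5, 16, 18) + b"ab" + struct.pack("<QQ", 1, 2)
BAD_OFFSET = struct.pack("<QII", 5, 16, 1000) + b"ab"  # second offset past the buffer
BAD_FIRST = struct.pack("<QII", 5, 0, 18) + b"ab"      # first offset inside fixed part
```

A decoder that enforces these invariants fails fast on a malformed block instead of entering unbounded processing, which is the check a fuzzing harness like beacon-fuzz would expect every client to agree on.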