Producing software inherently comes with risks. All software, especially new releases and large code re-writes, have a higher probability of producing bugs during production and initial release. To combat this, the ARK team has introduced modern testing methods, higher test coverage, a custom developed e2e testing framework and increased the availability for testing on our Development Network prior to the releases. Despite all of that, no one can catch every potential issue.
We are running our own development and security bounty program. Please check detailed instructions on how to report a security vulnerability at https://ark.io/sv/.
This repository series will serve as a public disclosure of any discovered and patched vulnerabilities within the ARK Blockchain Platform Product Landscape (Core, Desktop Wallet, Mobile Wallet, ARK Pay & Deployer).
The list of known and closed or still open security vulnerabilites can be found in the tables below. Each table consists of four fields, describing the basic information about the listed security vulnerabilities and a more detailed description is available by clicking on the link in the identifier field.
| Identifier | Title | Status | Version |
|---|---|---|---|
| Core-SV-072 | Slow query stopped nodes when requesting blocks from specific generators | Closed | v2.7.13 |
| Core-SV-071 | Reviver function in the transport codec could cause denial of service | Closed | v2.7.13 |
| Core-SV-070 | Incoming connections were not banned when failing basic validation checks | Closed | v2.7.13 |
| Core-SV-069 | Exceeding individual but not global rate limit evaded ban | Closed | v2.7.13 |
| Core-SV-068 | Automatic peer reconnection did not reattach socket event listeners | Closed | v2.7.13 |
| Core-SV-067 | Schema violation requesting common blocks did not close the connection | Closed | v2.7.13 |
| Core-SV-066 | Blocks were accepted but not propagated if received out of slot | Closed | v2.7.13 |
| Core-SV-065 | Requesting blocks at a very high height locked up PostgreSQL | Closed | v2.7.6 |
| Core-SV-064 | Binary data payloads could stop forging | Closed | v2.7.6 |
| Core-SV-063 | Large payloads sent to internal endpoints prevented forging | Closed | v2.7.6 |
| Core-SV-062 | Outgoing connections were not destroyed after receiving unsupported WebSocket frames | Closed | v2.7.1 |
| Core-SV-061 | Peer lists could exceed the maximum permitted payload size | Closed | v2.7.0 |
| Core-SV-060 | Outgoing sockets were not properly rate limited | Closed | v2.7.0 |
| Core-SV-059 | Newly connected peers did not have an initial maximum payload limit | Closed | v2.6.57 |
| Core-SV-058 | Insufficient transaction asset validation | Closed | v2.6.57 |
| Core-SV-057 | HTTP header manipulation caused out of memory crashes | Closed | v2.6.54 |
| Core-SV-056 | Prepending zeros in the hex representation of a signature would change its ID | Closed | v2.6.52 |
| Core-SV-055 | Negative values were erroneously accepted in ECDSA signatures | Closed | v2.6.49 |
| Core-SV-054 | DER signature manipulation could fork the network, roll back and replay transactions | Closed | v2.6.49 |
| Core-SV-053 | Pool poisoning could stop delegates forging any transactions | Closed | v2.6.49 |
| Core-SV-052 | Port ping payload sizes were unchecked and could cause bandwidth flood attacks | Closed | v2.6.49 |
| Core-SV-051 | Slow PostgreSQL query attack could have caused delegates to miss blocks | Closed | v2.6.49 |
| Core-SV-050 | Consecutive big blocks could exceed the maximum payload limit | Closed | v2.6.49 |
| Core-SV-049 | ECDSA-signed block and transaction signatures were malleable | Closed | v2.6.39 |
| Core-SV-048 | Delayed completion of peer verification stopped nodes forging | Closed | v2.6.39 |
| Core-SV-047 | Block ID-based exceptions were vulnerable to preimage attacks and blockchain poisoning | Closed | v2.6.39 |
| Core-SV-046 | Block schema violations could halt the blockchain | Closed | v2.6.39 |
| Core-SV-045 | Induced slow block propagation forked the network | Closed | v2.6.38 |
| Core-SV-044 | Marshalled block payloads using the peer-to-peer transport codec were not sanitized | Closed | v2.6.37 |
| Core-SV-043 | Tree memory structure exceeded maximum call stack size when fetching unconfirmed transactions to forge | Closed | v2.6.36 |
| Core-SV-042 | Nonce comparison took too long to complete when fetching unconfirmed transactions to forge | Closed | v2.6.34 |
| Core-SV-041 | Overloading the public API could stop the transaction and block processing on a node | Closed | v2.6.30 |
| Core-SV-040 | Long-lived HTTP requests via the P2P layer could crash the node | Closed | v2.6.27 |
| Core-SV-039 | Pool wallet manager could lock up funds by not updating multipayment balances | Closed | v2.6.21 |
| Core-SV-038 | Plain HTTP connections to the p2p port could crash the node's operating system | Closed | v2.6.11 |
| Core-SV-037 | A malicious block containing thousands of transactions could take down a node | Closed | v2.5.36 |
| Core-SV-036 | Opening thousands of sockets caused high CPU/memory usage and full server crashes | Closed | v2.5.36 |
| Core-SV-035 | Broadcasting invalid WebSocket opcodes caused significant network degradation and missed blocks | Closed | v2.5.36 |
| Core-SV-034 | Unhandled unemitted events could trigger high CPU spikes and propagation delays | Closed | v2.5.36 |
| Core-SV-033 | JSON payloads with too many key-value pairs were too CPU intensive to parse | Closed | v2.5.36 |
| Core-SV-032 | Multiple disconnect JSON packets caused high CPU utilization | Closed | v2.5.31 |
| Core-SV-031 | Sending HyBi WebSocket headers with no data could stop nodes forging | Closed | v2.5.30 |
| Core-SV-030 | Ping control frame bombardment could prevent block propagation | Closed | v2.5.28 |
| Core-SV-029 | Externally hitting internal P2P endpoints could stop a node handling requests | Closed | v2.5.25 |
| Core-SV-028 | Rate limiting was ineffective due to inappropriate disconnection methods | Closed | v2.5.24 |
| Core-SV-027 | Malformed messages on the P2P layer could hang up a node and stop delegates forging | Closed | v2.5.24 |
| Core-SV-026 | P2P endpoint request events were not sanitised | Closed | v2.5.19 |
| Core-SV-025 | Core plugin names were not length restricted so could cause DoS in peer lists | Closed | v2.5.19 |
| Core-SV-024 | Peer lists could become too large and be manipulated to become a DDoS network | Closed | v2.5.14 |
| Core-SV-023 | Peer-to-peer postTransactions endpoint could be spammed to overwhelm nodes | Closed | v2.5.14 |
| Core-SV-022 | Delegates can be forced to forge empty blocks and genuine transactions can be evicted from the pool | Closed | v2.4.14 |
| Core-SV-021 | Unverified transactions in bad blocks can purge genuine transactions from the pool | Closed | v2.4.13 |
| Core-SV-020 | Race condition can result in blocks containing already forged transactions | Closed | v2.4 |
| Core-SV-019 | Block header manipulation in quorum calculations prevents nodes forging | Closed | v2.4 |
| Core-SV-018 | Second Signature Transaction Pool Validation | Closed | v2.4 |
| Core-SV-017 | Second Signature Transaction Broadcast/Sign/Order | Closed | v2.3 |
| Core-SV-016 | Receiving a block containing non-valid transactions causes peers to rollback | Closed | v2.3 |
| Core-SV-015 | Delayed block propagation causes the next delegate to miss its block | Closed | v2.3 |
| Core-SV-014 | API endpoint open to possible DDOS attack | Closed | v2.2.2 |
| Core-SV-013 | Transactions near the payload size limit can stop delegates forging | Closed | v2.1.2 |
| Core-SV-012 | Conflicting delegate registration transactions | Closed | v2.1.0 |
| Core-SV-011 | Malicious delegate zero(0) - ARK transaction spam | Closed | v2.0.18 |
| Core-SV-010 | Malicious delegate can cause peers to fork and roll back simultaneously | Closed | v2.0.19 |
| Core-SV-009 | Fake peers can be added by using non-quad-dotted notation | Closed | v2.0.19 |
| Core-SV-008 | Forged blocks by anyone can cause the chain to stop/or start recovering | Closed | v2.0.17 |
| Core-SV-007 | Forging multiple blocks in a slot and rewards hijacking | Closed | v2.0.17 |
| Core-SV-006 | Transaction replay attack with known 2nd signature passphrase / multisignature | Closed | v2.6.0 |
| Core-SV-005 | Double forging a block | Open | |
| Core-SV-004 | IP spoofing | Closed | v2.0.16 |
| Core-SV-003 | Second signature transaction replay | Closed | v2.0.16 |
| Core-SV-002 | Generating new Ark using multi signature transaction | Closed | v2.0.16 |
| Core-SV-001 | Invalid block received | Closed | v2.0.16 |
| Identifier | Title | Status | Version |
|---|
| Identifier | Title | Status | Version |
|---|
| Identifier | Title | Status | Version |
|---|
| Identifier | Title | Status | Version |
|---|