'%3e%3cpath%20d='M12.4997%201.33325C10.39%201.33325%208.32772%201.95884%206.5736%203.13091C4.81947%204.30298%203.4523%205.96888%202.64496%207.91796C1.83763%209.86704%201.62639%2012.0118%202.03797%2014.0809C2.44955%2016.15%203.46545%2018.0506%204.95721%2019.5424C6.44897%2021.0342%208.34959%2022.0501%2010.4187%2022.4616C12.4878%2022.8732%2014.6326%2022.662%2016.5816%2021.8546C18.5307%2021.0473%2020.1966%2019.6801%2021.3687%2017.926C22.5408%2016.1719%2023.1663%2014.1096%2023.1663%2011.9999C23.1663%209.17094%2022.0425%206.45783%2020.0422%204.45745C18.0418%202.45706%2015.3287%201.33325%2012.4997%201.33325ZM12.4997%2021.3333C10.6537%2021.3333%208.84922%2020.7859%207.31436%2019.7603C5.7795%2018.7347%204.58322%2017.2771%203.8768%2015.5716C3.17039%2013.8662%202.98555%2011.9896%203.34568%2010.1791C3.70581%208.36859%204.59473%206.70554%205.90002%205.40025C7.20531%204.09496%208.86835%203.20605%2010.6788%202.84592C12.4893%202.48579%2014.3659%202.67063%2016.0714%203.37704C17.7768%204.08346%2019.2345%205.27974%2020.2601%206.8146C21.2856%208.34945%2021.833%2010.154%2021.833%2011.9999C21.833%2014.4753%2020.8497%2016.8492%2019.0993%2018.5996C17.349%2020.3499%2014.975%2021.3333%2012.4997%2021.3333Z'%20fill='white'/%3e%3cpath%20d='M19.167%208.06667C19.042%207.9425%2018.8731%207.8728%2018.697%207.8728C18.5208%207.8728%2018.3519%207.9425%2018.227%208.06667L10.8269%2015.4333L6.82695%2011.4333C6.70495%2011.3016%206.53562%2011.2237%206.35621%2011.2169C6.1768%2011.21%206.00201%2011.2747%205.87028%2011.3967C5.73856%2011.5187%205.66069%2011.688%205.65382%2011.8674C5.64694%2012.0468%205.71162%2012.2216%205.83362%2012.3533L10.8269%2017.3333L19.167%209.01333C19.2294%208.95136%2019.279%208.87762%2019.3129%208.79638C19.3467%208.71514%2019.3642%208.62801%2019.3642%208.54C19.3642%208.45199%2019.3467%208.36485%2019.3129%208.28361C19.279%208.20237%2019.2294%208.12864%2019.167%208.06667Z'%20fill='white'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_2790_31187'%3e%3crect%20width='24'%20height='24'%20fill='white'%20transform='translate(0.5)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
Somnia Disclosed Report
Audit report Somnia Audit Contest Consensus Liveness Failure via Mempool Exhaustion from Unvalidated Transactions
Target
https://github.com/hackenproof-public/somnia
Vulnerability Details
Summary
The ConsensusDataChainManager, a core component of the consensus layer, is vulnerable to a resource exhaustion attack that can lead to a consensus stall. The manager's mempool accepts and stores AdvanceDataChainTransaction objects from the network before performing the computationally expensive verification of their QuorumSignature.
An attacker can exploit this "store-first, validate-later" pattern by flooding a validator node with a high volume of transactions containing invalid signatures. The node is forced to allocate memory for each of these invalid transactions and waste significant CPU cycles attempting to validate them during the block proposal phase. This starves the node of resources required to process legitimate transactions preventing it from effectively participating in consensus and leading to a liveness failure for the entire PBFT network.
Vulnerability Details
The vulnerability is a logical flaw in the transaction ingress path of the consensus engine. The AddTransactionToMempool function fails to perform immediate, critical cryptographic validation.
-
Ingress: A validator node receives an
AdvanceDataChainTransactionfrom a peer. This message is passed toConsensusManager, which routes it toConsensusDataChainManager::AddTransactionToMempool. -
Insufficient Initial Validation: The
AddTransactionToMempoolfunction performs only cheap, preliminary metadata checks (GetTransactionExecutionStatus). It does not call thetransaction.Verify(...)method, which is the function that perform the expensive BLS quorum signature verification. -
Unvalidated State Stored: If the cheap metadata checks pass, the unverified transaction is immediately stored in the
data_chain_mempoolsmap, a member variable of theConsensusDataChainManager. This map has no upper bound on its size. Code Reference (somnia/consensus/consensus_data_chain_manager.cc):void ConsensusDataChainManager::AddTransactionToMempool(AdvanceDataChainTransaction transaction) { if (GetTransactionExecutionStatus(transaction) == pbft::PbftExecutionStatus::CAN_NEVER_BE_EXECUTED) { // ... cheap metadata check ... return; } // ... logic to check for duplicates ... // VULNERABILITY: The transaction is stored without signature verification. data_chain_mempool .received_advancement_transactions[transaction.head_commitment.data_chain_height] = std::move(transaction); } -
Deferred Validation: The expensive signature verification is deferred until the node is ready to propose a new PBFT block, inside the
ProposeAdvanceTransactionFromMempoolfunction. At this point, the node iterates through its now-bloated mempool, wasting significant resources on invalid data.
Proof-of-Concept
The vulnerability is proven by the C++ test case MempoolAcceptsTransactionsWithInvalidSignatures, which was added to the ConsensusDataChainManagerTest suite.
-
Scenario: The test simulate an attacker flooding the
ConsensusDataChainManagerwith 1,000AdvanceDataChainTransactionobjects. Each transaction is crafted with a plausible header but a computationally trivial, invalidQuorumSignature. -
Action: The test call
consensus_data_chain_manager.AddTransactionToMempoolfor each of the 1,000 malicious transactions. -
Verified Result: The test then call
consensus_data_chain_manager.ProposeTransactionsFromMempool. The successful execution (PASS) of the test proves the vulnerability. It demonstrates that:- The 1,000 invalid transactions were successfully enqueued into the manager's internal mempool, confirming the memory exhaustion vector.
- The
ProposeTransactionsFromMempoolfunction was then forced to iterate over and perform expensive validation checks on all 1,000 invalid entries before correctly finding none to propose, confirming the CPU exhaustion vector.
This sequence of events prove that an attacker can force a validator to waste its resources on invalid data directly impacting its ability to participate in consensus.
Impact
-
Consensus Flaw (Liveness Failure): By overwhelming a validator's memory and CPU, an attacker can prevent it from processing valid
AdvanceDataChainTransactionmessages from honest peers in a timely manner. The validator may fail to contribute to proposals or vote within the PBFT protocol's time limits. If a sufficient number of validators (f+1) are targeted by this attack, the entire network can fail to reach consensus, resulting in a chain halt. -
Resource Exhaustion DoS: This is the direct mechanism of the attack. The unbounded growth of the
data_chain_mempoolsmap leads to memory exhaustion (OOM crashes), and the deferred validation leads to CPU exhaustion, starving other critical node processes.
Recommendation
The AddTransactionToMempool function should perform full cryptographic validation before storing any transaction data in memory.
The transaction.Verify(*current_epoch_data) check should be moved from ProposeAdvanceTransactionFromMempool to the beginning of AddTransactionToMempool. Any transaction that fail this signature verification should be immediately discarded and never enqueued. This "validate-first, store-later" approach is a standard security practice that mitigate this entire class of resource exhaustion vulnerabilities.
Validation steps
// This test prove that the ConsensusDataChainManager stores AdvanceDataChainTransaction
// objects in its mempool before verifying their expensive quorum signatures. An attacker
// can exploit this by flooding a node with transactions containing invalid signatures,
// consuming unbounded memory and CPU, and potentially stalling the consensus process.
TEST_F(ConsensusDataChainManagerTest, MempoolAcceptsTransactionsWithInvalidSignatures) {
// 1. SETUP: I use the test fixture initialized ConsensusDataChainManager.
// Create a data chain ID for the attacker to target.
Address data_chain_owner = epoch_data.GetAddressForReplica(0);
DataChainId data_chain_id;
data_chain_id.data_chain_owner = data_chain_owner;
data_chain_id.data_chain_epoch_number = 0;
// 2. ATTACK: Flood the manager mempool with transactions that have
// plausible headers but invalid signatures.
const int num_malicious_txs = 1000;
for (int i = 0; i < num_malicious_txs; ++i) {
// Create a valid-looking head commitment.
DataChain::HeadCommitment head_commitment;
head_commitment.data_chain_id = data_chain_id;
head_commitment.data_chain_height = i + 1; // Use a unique height to avoid being filtered as a duplicate.
DataChain::HeadCommitment::HeadBlock block;
block.block_hash = HashFromInt(i);
head_commitment.head_blocks.emplace_back(block);
// Create the transaction object.
AdvanceDataChainTransaction malicious_tx;
malicious_tx.head_commitment = head_commitment;
// I provide an empty/invalid quorum signature. A secure implementation
// would reject this immediately upon receipt.
malicious_tx.quorum_signature = {};
// Add the malicious transaction to the mempool. The vulnerable code path
// will perform cheap metadata checks, pass them and store the transaction.
consensus_data_chain_manager.AddTransactionToMempool(std::move(malicious_tx));
}
// 3. VERIFICATION AND ASSERTION: prove the transactions were stored by showing
// that the `ProposeTransactionsFromMempool` function must iterate over them.
std::vector<AdvanceDataChainTransaction> proposed_txs;
consensus_data_chain_manager.ProposeTransactionsFromMempool(
[&](https://dashboard.hackenproof.com/redirect?url=const AdvanceDataChainTransaction& tx) {
// This callback will only be invoked for transactions that are successfully
// verified inside ProposeTransactionsFromMempool.
proposed_txs.push_back(tx);
}
);
// The test asserts that after the proposer did its work, NO valid transactions were found.
// The fact that the test can complete without crashing and that the proposer had to
// process a mempool full of invalid transactions is the proof of the resource exhaustion
// vector. A secure implementation would have rejected the transactions upfront, and the
// mempool would be empty.
ASSERT_TRUE(proposed_txs.empty())
<< "The proposer should not have found any valid transactions, but the fact that it had to "
<< "process a mempool bloated with unvalidated transactions proves the DoS vector."
}
Attachments
hidden 
Comments on this report are hidden 
Details 
Participants (2) 
