'%3e%3cpath%20d='M12.4997%201.33325C10.39%201.33325%208.32772%201.95884%206.5736%203.13091C4.81947%204.30298%203.4523%205.96888%202.64496%207.91796C1.83763%209.86704%201.62639%2012.0118%202.03797%2014.0809C2.44955%2016.15%203.46545%2018.0506%204.95721%2019.5424C6.44897%2021.0342%208.34959%2022.0501%2010.4187%2022.4616C12.4878%2022.8732%2014.6326%2022.662%2016.5816%2021.8546C18.5307%2021.0473%2020.1966%2019.6801%2021.3687%2017.926C22.5408%2016.1719%2023.1663%2014.1096%2023.1663%2011.9999C23.1663%209.17094%2022.0425%206.45783%2020.0422%204.45745C18.0418%202.45706%2015.3287%201.33325%2012.4997%201.33325ZM12.4997%2021.3333C10.6537%2021.3333%208.84922%2020.7859%207.31436%2019.7603C5.7795%2018.7347%204.58322%2017.2771%203.8768%2015.5716C3.17039%2013.8662%202.98555%2011.9896%203.34568%2010.1791C3.70581%208.36859%204.59473%206.70554%205.90002%205.40025C7.20531%204.09496%208.86835%203.20605%2010.6788%202.84592C12.4893%202.48579%2014.3659%202.67063%2016.0714%203.37704C17.7768%204.08346%2019.2345%205.27974%2020.2601%206.8146C21.2856%208.34945%2021.833%2010.154%2021.833%2011.9999C21.833%2014.4753%2020.8497%2016.8492%2019.0993%2018.5996C17.349%2020.3499%2014.975%2021.3333%2012.4997%2021.3333Z'%20fill='white'/%3e%3cpath%20d='M19.167%208.06667C19.042%207.9425%2018.8731%207.8728%2018.697%207.8728C18.5208%207.8728%2018.3519%207.9425%2018.227%208.06667L10.8269%2015.4333L6.82695%2011.4333C6.70495%2011.3016%206.53562%2011.2237%206.35621%2011.2169C6.1768%2011.21%206.00201%2011.2747%205.87028%2011.3967C5.73856%2011.5187%205.66069%2011.688%205.65382%2011.8674C5.64694%2012.0468%205.71162%2012.2216%205.83362%2012.3533L10.8269%2017.3333L19.167%209.01333C19.2294%208.95136%2019.279%208.87762%2019.3129%208.79638C19.3467%208.71514%2019.3642%208.62801%2019.3642%208.54C19.3642%208.45199%2019.3467%208.36485%2019.3129%208.28361C19.279%208.20237%2019.2294%208.12864%2019.167%208.06667Z'%20fill='white'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_2790_31187'%3e%3crect%20width='24'%20height='24'%20fill='white'%20transform='translate(0.5)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
Somnia Disclosed Report
Audit report Somnia Audit Contest WebSocket client frames are never masked
Target
https://github.com/hackenproof-public/somnia
Vulnerability Details
Summary
The Somnia WebSocket client implementation violates RFC 6455 by never masking frames sent to servers. websocket_serialisation.cc:49 The masking is globally disabled via kUseMask = false, and the client handshake uses a fixed Sec-WebSocket-Key instead of generating fresh nonces. This vulnerability has Medium severity as it can cause interoperability failures with RFC-compliant servers and middleboxes, potentially leading to peer-to-peer network disruptions.
Finding Description
The vulnerability exists in the WebSocket serialization implementation where masking is controlled by a global constant kUseMask = false that disables masking for all frame types. websocket_serialisation.cc:49 The SerialiseFrame() function only applies masking when this flag is true, but since it's hardcoded to false, client frames are never masked. websocket_serialisation.cc:284-294
The WebSocket client is instantiated with is_server{false} in the client wrapper, websocket_client.h:36 but this parameter is not used to control masking behavior. The masking logic exists in the serialization code but is gated behind the disabled flag. websocket_serialisation.cc:326-331
Additionally, the client handshake uses a fixed Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ== (the RFC example value) instead of generating a fresh 16-byte nonce per connection. websocket_serialisation.cc:69 The close frame implementation also bypasses the normal serializer and uses a hardcoded buffer with an all-zero masking key. websocket_serialisation.cc:100
Impact Explanation
RFC 6455 mandates that all client-to-server frames must be masked to prevent cache poisoning attacks through intermediary proxies. Standards-compliant servers, proxies, and load balancers may reject or drop unmasked client frames, leading to silent message loss or complete connection failures. In Somnia's peer-to-peer network context, this can prevent nodes from exchanging transactions and blocks across certain network configurations, potentially causing mempool inconsistencies and consensus divergence.
Likelihood Explanation
The likelihood is medium as it depends on the network infrastructure between Somnia nodes. While some servers and middleboxes may be lenient with RFC compliance, many enterprise-grade proxies and security appliances strictly enforce WebSocket standards. The vulnerability becomes more likely in production deployments where nodes communicate through corporate networks or cloud load balancers that implement RFC-compliant filtering.
Recommendation
Consider implementing role-based masking where clients mask frames but servers do not. One approach would be to modify the SerialiseFrame() function to use the is_server parameter:
void WebsocketSerialisation::SerialiseFrame(int frame_type, ByteSpanConst message,
std::vector<std::uint8_t>& output) {
// Use role-based masking: clients must mask, servers must not
bool use_mask = !is_server;
// Generate fresh masking key per frame for clients
std::uint8_t masking_key[4];
if (use_mask) {
// Generate cryptographically random masking key
GenerateRandomBytes(masking_key, 4);
}
// Apply masking logic using use_mask instead of kUseMask
// ... rest of frame serialization with dynamic masking
}
Additionally, modify SerialiseClientHandshakeRequest() to generate a fresh Base64-encoded 16-byte nonce for each connection instead of using the fixed RFC example value. Route control frames like close/ping/pong through the normal serializer to ensure consistent masking behavior.
Notes
The WebSocket implementation correctly handles receiving masked frames from peers, websocket_serialisation.cc:218-227 so the issue is specifically with outbound frame masking. The masking infrastructure is already present in the codebase but disabled, making the fix relatively straightforward without requiring architectural changes to the transport layer.
Validation steps
Paste in somnia/transport/BUILD
cc_test(
name = "websocket_client_masking_poc_test",
srcs = ["websocket_client_masking_poc_test.cc"],
linkstatic = True,
deps = [
":transport",
"//somnia/test:test_main",
],
)
Paste in somnia/transport/websocket_client_masking_poc_test.cc
#include <gtest/gtest.h>
#include <vector>
#include <string>
// Expose private methods for testing
#define private public
#include "somnia/transport/websocket_serialisation.h"
#undef private
#include "somnia/lib/common.h"
using somnia::ByteSpanConst;
using somnia::StringToBytes;
struct TraceEntry {
std::string function;
std::string parameters;
};
TEST(WebsocketClientMaskingPoCTest, ClientFramesAreUnmaskedAndKeyIsFixed) {
std::vector<TraceEntry> trace;
somnia::ws::WebsocketSerialisation serialiser{/*is_server=*/false};
// Trace and capture handshake
std::vector<std::uint8_t> handshake_bytes;
trace.push_back({"SerialiseClientHandshakeRequest", "ip=127.0.0.1 port=80 path=/"});
serialiser.SerialiseClientHandshakeRequest(
"127.0.0.1", 80, "/",
[&](https://dashboard.hackenproof.com/redirect?url=ByteSpanConst bytes) { handshake_bytes.insert(handshake_bytes.end(), bytes.begin(), bytes.end()); });
trace.push_back({"SerialiseClientHandshakeRequest_return", ""});
// Confirm handshake uses RFC example nonce rather than random
std::string handshake_str(reinterpret_cast<const char*>(handshake_bytes.data()), handshake_bytes.size());
ASSERT_NE(handshake_str.find("Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ=="), std::string::npos);
// Trace and capture a text frame
std::vector<std::uint8_t> frame_bytes;
trace.push_back({"SerialiseFrame", "frame_type=1"});
serialiser.SerialiseFrame(1 /* text frame */, StringToBytes("hi"), frame_bytes);
trace.push_back({"SerialiseFrame_return", ""});
// Verify masking bit is not set on client frames
ASSERT_GE(frame_bytes.size(), static_cast<std::size_t>(2));
ASSERT_EQ(frame_bytes[1] & 0x80, 0) << "Expected mask bit unset";
// Verify trace order
ASSERT_EQ(trace.size(), 4u);
EXPECT_EQ(trace[0].function, "SerialiseClientHandshakeRequest");
EXPECT_EQ(trace[1].function, "SerialiseClientHandshakeRequest_return");
EXPECT_EQ(trace[2].function, "SerialiseFrame");
EXPECT_EQ(trace[3].function, "SerialiseFrame_return");
}
Attachments
hidden 
Comments on this report are hidden 
Details 
Participants (3) 
