NEO Unveils The Details About The DoS Vulnerability Patch And Fork Incidents
The NEO Foundation has released a statement in which they explain that a Denial of Service – commonly known as DoS – vulnerability that was affecting the NEO platform has already been patched.
The vulnerability was published by Zhiniang Peng from the security company Qihoo 360 on August 15, 2018. According to the statement, Erik Zhang took just 7 minutes to test and confirm the vulnerability and 56 minutes to release the bug fix. This eliminated the possibility of the bug being exploited by hackers.
The vulnerability was found in the Smart Contract platform, more specifically in the System.Runtime.Serialize system call, which did not take nested arrays into consideration.
With a bug of this kind, it is possible to cause an infinite loop that runs until the stack space is exhausted.
This would trigger a StackOverflowException, which terminates the entire process and prevents the handling code from executing. NEO nodes attempting to parse the malicious contract would crash as a result.
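The failure mode described above, shown as an added example that is not NEO's code and does not come from the statement: a recursive serializer beside a form that bounds nesting depth. The Item, Bytes and Arr types, the one-byte tag format and the MaxDepth value of 32 are all assumptions made for the illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
// Hypothetical stand-ins for VM stack items (not NEO's types).
abstract class Item { }
sealed class Bytes : Item { public byte[] Value = new byte[0]; }
sealed class Arr : Item { public List<Item> Items = new List<Item>(); }

static class Serializer
{
    const int MaxDepth = 32; // assumed limit, chosen for this example
    // Naive form: one native stack frame per nesting level and no limit, so
    // deep or self-containing input ends in an uncatchable StackOverflowException.
    public static void SerializeNaive(Item item, BinaryWriter w)
    {
        if (item is Bytes b) { w.Write((byte)0); w.Write(b.Value.Length); w.Write(b.Value); }
        else if (item is Arr a)
        {
            w.Write((byte)1); w.Write(a.Items.Count);
            foreach (Item child in a.Items) SerializeNaive(child, w);
        }
    }

    // Hardened form: explicit heap-allocated work stack and a depth bound.
    // A reference cycle always exceeds the bound, so it is rejected as well.
    public static byte[] SerializeSafe(Item root)
    {
        var ms = new MemoryStream(); var w = new BinaryWriter(ms);
        var work = new Stack<(Item Node, int Depth)>();
        work.Push((root, 0));
        while (work.Count > 0)
        {
            var (item, depth) = work.Pop();
            if (depth > MaxDepth) throw new FormatException("array nesting too deep");
            if (item is Bytes b) { w.Write((byte)0); w.Write(b.Value.Length); w.Write(b.Value); }
            else if (item is Arr a)
            {
                w.Write((byte)1); w.Write(a.Items.Count);
                // Push children in reverse so they are written in original order.
                for (int i = a.Items.Count - 1; i >= 0; i--) work.Push((a.Items[i], depth + 1));
            }
        }
        w.Flush(); return ms.ToArray();
    }

    static void Main()
    {
        var loop = new Arr(); loop.Items.Add(loop); // constructed input: array containing itself
        try { SerializeSafe(loop); } catch (FormatException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

The hardened form fails with an ordinary exception that the caller can catch and turn into a rejected contract call, instead of taking the node process down.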
About this situation, Zhiniang Peng commented:
“It is worth mentioning that within 7 minutes after we emailed the NEO official to notify this vulnerability, Erik Zhang, one of the founders of NEO, replied directly to confirm the existence of the vulnerability and submitted the bug fix within an hour. Their efficiency is quite amazing.”
NEO Accidental Fork
Additionally, there was an accidental blockchain fork on the NEO network. That means that two independent networks, sharing the same previous blocks, were operative.
Blockchain networks that use the so-called Proof-of-Stake or Proof-of-Work (PoS and PoW) consensus can continue having blocks added by miners or validators. The longest chain is usually considered to be the truthful chain, which means that transactions in the other network would be reversed.
NEO works in a different way. Its consensus is achieved with a 66% quorum of consensus nodes, not by individual competing validators or miners that propose their own blocks. This prevents situations in which more than one block is validated at a time, which in turn prevents a fork from occurring. Moreover, NEO has same-block finality, as confirmations are no longer required to trust a transaction’s permanence.
It is important to mention that this fork was caused by an issue that is not common. Two valid blocks were proposed, and if both receive enough signatures from the consensus nodes, the result is a single-block fork. However, this only created confusion among nodes, because they became stuck on the conflicting block.
Intermediate nodes were created, used by light wallet clients such as Neon, which were not able to remain synchronized with the whole network. As a result, light wallets and exchanges suffered outages that continued until the nodes became re-synchronized.
In order to solve this, it was necessary to add a third stage to the NEO consensus mechanism, a solution in development by CoZ member Shargon.
NEO originally used a 2-phase protocol with ‘pre-prepare’ and ‘prepare’ phases. This allows consensus to occur more quickly. With the third ‘commit’ phase added to the protocol, consensus becomes much more secure.
These changes mean that there will be a slight delay to the consensus in return for full fork prevention. However, the delays will be offset by other optimizations to the dBFT protocol in the future.