QuarksLab, a security research company entrusted with auditing Monero’s Bulletproof protocol, announced its findings on Oct 22, 2018. Eight critical issues, two medium-impact vulnerabilities and 20 low-impact concerns or vulnerabilities were found. Monero is reported to have already begun patching the highlighted issues.
Second Audit of Monero’s Bulletproof Protocol
This was the second of two audits commissioned by the Monero Research Lab, with support from the Open Source Technology Improvement Fund (OSTIF), Private Internet Access, and the Monero community. The primary objective of both audits was to gain in-depth insight into the Bulletproof protocol and its implementation from a security standpoint.
The first audit was conducted in July 2018 by Kudelski Security. In its report, the security firm concluded that the Bulletproof code was largely clean, although it carried four low-severity bugs that were quickly patched. The report further stated that, despite a number of “informational issues,” the C implementation that Monero derived from the original Java code was more or less suitable for use with some minor tweaks.
The audit by QuarksLab was led by three senior engineers who examined Monero’s implementation of Bulletproof.
For the uninitiated, Bulletproofs is a zero-knowledge range-proof protocol first proposed in December 2017. It is often mentioned alongside zk-SNARKs, but it is not one: unlike zk-SNARKs it requires no trusted setup. Monero claims that Bulletproofs enables smaller, cheaper, and faster transactions while letting the network scale in a significantly more efficient manner. The key idea is that a verifier can check that a committed transaction amount lies in a valid range, and that the proof is well formed, without learning the amount or any other sensitive information.
Among the most critical issues detected during the audit was a denial-of-service vulnerability that could enable an attacker to remotely crash Monero nodes. This puts the network in danger of large-scale DoS attacks.
Additionally, the same vulnerability could potentially be exploited to mount 51% attacks and forced chain splits, leading to double-spends. Notably, Monero Research Lab and QuarksLab, along with the other stakeholders, agreed to temporarily hold back the release of the report because this issue affected live code. According to OSTIF, the Monero (XMR) network has since been patched against this vulnerability.
QuarksLab noted in its report:
“Four major vulnerabilities can be triggered by untrusted inputs to the proof verification function. Besides allowing to produce wrong output values, they could be the first steps towards making a verifier accept a false proof:
“Three medium vulnerabilities in deserialization procedures (including an improper size validation) were also found. Because deserialization occurs on untrusted inputs, under control of an attacker, the bugs can lead at least to exceptions and potential denials of service.”
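Both quoted findings describe the same pattern: a parser that takes a length from an untrusted peer and acts on it before validating it. The following is an added illustration written for this article, not code from Monero or from the QuarksLab report, and it does not reproduce any specific bug the auditors found. It models a Bulletproof-like proof whose inner-product argument carries two vectors of 32-byte points, L and R, and shows the checks a deserializer needs before the verification function ever sees the data. The wire format (a one-byte count followed by count * 32 bytes per vector), the round limit `kMaxRounds`, and the helper names are assumptions chosen for the example.

```cpp
#include <algorithm>
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Added example, not Monero's or QuarksLab's code. A 32-byte compressed
// curve point is treated as an opaque byte string; point validity is the
// verifier's job, the parser only guarantees the bytes are really there.
using Key = std::array<uint8_t, 32>;

struct Proof {
    std::vector<Key> L, R;  // one (L, R) pair per inner-product round
};

enum class ParseResult { Ok, TooManyRounds, Truncated, LengthMismatch, TrailingBytes };

// Range proofs over 64-bit amounts, aggregated over at most kMaxOutputs
// outputs, have log2(64 * kMaxOutputs) inner-product rounds. Both values
// are assumptions for this example, not Monero's consensus limits.
constexpr size_t kMaxOutputs = 16;
constexpr size_t kMaxRounds  = 10;  // log2(64 * 16)

// Reads one length-prefixed vector of keys. Assumed wire format:
// one byte count, then count * 32 bytes.
static ParseResult read_keys(const uint8_t* buf, size_t len, size_t& pos,
                             std::vector<Key>& out) {
    if (pos >= len) return ParseResult::Truncated;
    const size_t count = buf[pos++];
    // Check 1: protocol bound. A count no honest prover can produce is
    // rejected before any allocation or loop, so the peer cannot make the
    // node reserve memory or spend time on its behalf.
    if (count > kMaxRounds) return ParseResult::TooManyRounds;
    // Check 2: the declared payload must actually be present. Compare against
    // the remaining length rather than adding to pos, so nothing can wrap.
    if (len - pos < count * sizeof(Key)) return ParseResult::Truncated;
    out.resize(count);
    for (size_t i = 0; i < count; ++i) {
        std::copy(buf + pos, buf + pos + sizeof(Key), out[i].begin());
        pos += sizeof(Key);
    }
    return ParseResult::Ok;
}

static ParseResult parse_proof(const uint8_t* buf, size_t len, Proof& p) {
    size_t pos = 0;
    ParseResult r = read_keys(buf, len, pos, p.L);
    if (r != ParseResult::Ok) return r;
    r = read_keys(buf, len, pos, p.R);
    if (r != ParseResult::Ok) return r;
    // Check 3: structural invariant the verifier relies on. L and R are
    // consumed pairwise; unequal lengths would index past the shorter one.
    if (p.L.size() != p.R.size()) return ParseResult::LengthMismatch;
    // Check 4: reject bytes the parser did not consume, so two different
    // byte strings cannot decode to the same proof.
    if (pos != len) return ParseResult::TrailingBytes;
    return ParseResult::Ok;
}

// Builds a constructed test input: `declared_l` is the count byte written to
// the wire, `actual_l` how many 32-byte keys really follow (same for R), plus
// optional trailing junk. The declared count may lie, as an attacker's would.
static std::vector<uint8_t> make_buffer(uint8_t declared_l, size_t actual_l,
                                        uint8_t declared_r, size_t actual_r,
                                        size_t trailing = 0) {
    std::vector<uint8_t> b;
    b.push_back(declared_l);
    b.insert(b.end(), actual_l * sizeof(Key), 0x11);
    b.push_back(declared_r);
    b.insert(b.end(), actual_r * sizeof(Key), 0x22);
    b.insert(b.end(), trailing, 0xff);
    return b;
}

// Convenience wrapper: build the buffer and return the parser's verdict.
static ParseResult classify(uint8_t declared_l, size_t actual_l,
                            uint8_t declared_r, size_t actual_r,
                            size_t trailing = 0) {
    Proof p;
    const auto b = make_buffer(declared_l, actual_l, declared_r, actual_r, trailing);
    return parse_proof(b.data(), b.size(), p);
}

int main() {
    std::printf("honest proof:        %d\n", classify(3, 3, 3, 3) == ParseResult::Ok);
    std::printf("oversized count:     %d\n", classify(200, 3, 3, 3) == ParseResult::TooManyRounds);
    std::printf("count exceeds bytes: %d\n", classify(8, 3, 3, 3) == ParseResult::Truncated);
    std::printf("L/R mismatch:        %d\n", classify(3, 3, 2, 2) == ParseResult::LengthMismatch);
    std::printf("trailing bytes:      %d\n", classify(3, 3, 3, 3, 1) == ParseResult::TrailingBytes);
    return 0;
}
```

The ordering of the checks matters: the protocol bound comes before the remaining-length check and before any allocation, so a hostile peer cannot make the node reserve memory for a count it will reject anyway, and the length check is written as a subtraction against the remaining bytes so no index arithmetic can wrap. Keeping all of this in the deserializer means the verification function only ever runs on structurally valid input, which is the property the report says was missing.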
QuarksLab also made several recommendations to improve coding practices and, by extension, the robustness of the Monero code base, with the aim of better performance, reliability, and security.
Meanwhile, for the geekier among you dying for a peek into the full report, here you go: Monero Bulletproof protocol audit report [PDF]