Denial-of-Service in Nimiq Ed25519 Multisig Implementation

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Useful 0 Not Useful 0

Executive Summary

This vulnerability exists in the Nimiq Rust implementation of the Proof-of-Stake protocol, specifically in the Ed25519 multisig delinearization code path. The function Ed25519PublicKey::delinearize() calls .unwrap() on curve point decompression, which causes a panic if the public key is constructed from 32 bytes that do not represent a valid point on the Ed25519 curve. Since the construction only checks byte length and not curve membership, invalid keys can reach this code path and crash the hosting process.

The issue affects browser and desktop wallet users during multisig operations when attacker-supplied public keys are used. Validator nodes, consensus, blockchain, mempool, and networking code are not affected. The vulnerability is classified as CWE-617 (Reachable Assertion) and has a moderate severity with a CVSS score of 4.3.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can cause a denial-of-service (DoS) condition by crashing the hosting process when invalid Ed25519 public keys are used in multisig operations. This means that if an attacker supplies malformed public keys, they can cause wallet applications (browser or desktop) that perform multisig operations to crash, disrupting normal use.

Since the vulnerability requires user interaction (e.g., multisig operations with attacker-supplied keys), it does not affect validator nodes or core consensus components, limiting its impact to client-side wallet software.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability occurs when invalid Ed25519 public keys (32 bytes not representing a valid curve point) are used in multisig operations, causing a panic in the Ed25519PublicKey::delinearize() function.

Detection involves monitoring for crashes or panics in the client-side wallet or web-client multisig flows, especially related to Ed25519 public key delinearization.

Since the issue is triggered by untrusted or malformed public keys during multisig operations, you can detect attempts by checking logs for panic messages or crashes related to Ed25519PublicKey delinearization.

No specific commands are provided in the resources, but you can use standard system or application log inspection commands such as:

• On Linux systems, use `journalctl -u <nimiq-service>` or `grep -i 'panic' /var/log/syslog` to find panic or crash logs.
• Use application-specific logging or debugging tools to trace multisig operations and detect failures in Ed25519PublicKey delinearization.
• Monitor for repeated crashes or denial-of-service symptoms in wallet or web-client applications handling multisig keys.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation is to upgrade to version 1.4.0 or later of the nimiq/core-rs-albatross project, where the vulnerability has been patched.

Until patched, users should only perform multisig operations with trusted public keys to avoid triggering the panic.

The patch replaces the panic-causing unwrap() calls with proper error handling, preventing denial-of-service from invalid keys.

No changes are needed on validator nodes, consensus, blockchain, mempool, or networking code, as they are not affected.

Useful 0 Not Useful 0