This repository has been archived by the owner on Jul 19, 2019. It is now read-only.

🔒 Fix DoS vulnerability in Credit Protocol contract #33

Merged

Commits on Apr 11, 2018

  1. 🔒 Fix DoS vulnerability in Credit Protocol contract

    `#executeUcacTx` is an inexpensive and unauthenticated function that
    increases the transaction counter for a UCAC without actually
    performing a transaction, up to that UCAC's transaction limit.
    
    A motivated attacker can call this function continuously to perform
    a denial-of-service (DoS) attack on a UCAC, preventing legitimate
    transactions using that UCAC from being processed.
    
    Once started, this attack can be maintained indefinitely.
    
    Potential mitigations/effects on a live contract include:
    
     * An attack on a UCAC may incentivize its stakeholders to unstake
       their tokens.
    
     * The fewer tokens staked in a UCAC, the less expensive the attack
       becomes to perform and maintain.
    
     * Staking more tokens in the UCAC will increase the transaction limit,
       thus increasing the cost to perform and maintain the attack.
    
    The best mitigation for this attack, then, for a live contract, would
    be for token holders to stake enough tokens in the affected UCAC to
    make the attack too expensive for the attacker to maintain.
    canterberry committed Apr 11, 2018
    082e01f
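
The behaviour the commit message describes, as an added model for sizing the staking mitigation (not the contract's code and not part of this commit). It assumes a limit that is linear in staked tokens (`TX_PER_TOKEN`) and a counter that resets each window; `UcacModel`, `issue_transaction`, `served_under_flood` and `stake_needed` are hypothetical names, and only `executeUcacTx` comes from the page.

```python
# Constructed model, not the contract's code. Only the name executeUcacTx
# comes from the commit message; everything else is hypothetical.
TX_PER_TOKEN = 2  # assumption: the limit grows linearly with staked tokens


class UcacModel:
    def __init__(self, staked_tokens):
        self.staked_tokens = staked_tokens
        self.tx_count = 0    # counter for the current window
        self.performed = 0   # transactions actually processed

    def tx_limit(self):
        return self.staked_tokens * TX_PER_TOKEN

    def execute_ucac_tx(self):
        """Models executeUcacTx: no caller check, counts a slot, performs nothing."""
        if self.tx_count >= self.tx_limit():
            return False
        self.tx_count += 1
        return True

    def issue_transaction(self):
        """Legitimate path: needs a free slot, then performs the transaction."""
        if not self.execute_ucac_tx():
            return False
        self.performed += 1
        return True

    def new_window(self):
        self.tx_count = 0    # assumption: the counter resets each window


def served_under_flood(staked_tokens, empty_calls, legit_txs, windows=3):
    """Legitimate transactions processed when empty calls use slots first."""
    ucac = UcacModel(staked_tokens)
    for _ in range(windows):
        ucac.new_window()
        for _ in range(empty_calls):
            ucac.execute_ucac_tx()
        for _ in range(legit_txs):
            ucac.issue_transaction()
    return ucac.performed


def stake_needed(empty_calls, legit_txs):
    """Smallest stake whose limit covers the empty calls plus the real load."""
    return -(-(empty_calls + legit_txs) // TX_PER_TOKEN)  # ceiling division
```

With these constructed numbers, a stake of 10 serves no legitimate transactions against 20 empty calls per window, while the stake returned by `stake_needed` serves all of them.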