Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Sui Temporary Total Network Shutdown Bugfix Review- 1257

Immunefi - F4lt. Posted 2 Years Ago
  • Sui is a layer 1 blockchain that is famous for its speed and concurrency. By being architected in this way and using Rust under the hood, it hits incredible speeds. The tl;dr of the vulnerability is an out-of-memory denial of service bug that's not particularly interesting. However, the explanation of the ecosystem is interesting and I'll post that for myself here.
  • Sui uses Narwhal as a mempool (pending transaction list) implementation and Bullshark for the consensus engine (synchronizing the network between validators). Narwhal orders transactions into batches in parallel, and Bullshark works out a DAG from which these are formed. Under the hood, Bullshark uses the BFT consensus algorithm.
  • Sui network transactions happen with the following steps:
    1. Send the transaction to a full node, which will send it to all of the other validators, which perform checks on it.
    2. A quorum of 2/3 (after weights on the voters) is collected. Once this is true, the information about the vote is broadcast across the network with a combined certificate.
    3. Each validator checks the certificate. If it's valid, it will execute the transaction locally.
    4. Optionally, the quorum driver can collect an effects certificate based on the previous step and return it to the sender as proof of finality.
  • The logic that processes an incoming certificate does not consider a malicious user. A user can put an infinite number of digests within the certificate, and the corresponding certificates for these digests are then grabbed. By providing a large number of digests and large certificates, this turns into a denial of service vulnerability.
  • Sending a 37MB payload with 1.2M digests triggers an out of memory exception, crashing the blockchain. Honestly, I wish the report was smaller. Most of the information wasn't required to understand the bug... but, DoS to take down blockchains is interesting nonetheless.
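
A defensive sketch of the missing check described above, added here as an example (it is not code from Sui, Narwhal or the Immunefi report): a handler that caps the attacker-controlled digest count and the cumulative certificate bytes before doing any per-digest work. The names `fetch_certificates` and `FetchError`, the in-memory store and both limits are hypothetical.

```rust
use std::collections::{HashMap, HashSet};

type Digest = [u8; 32];
// Hypothetical limits; a real node would derive them from protocol parameters.
const MAX_DIGESTS: usize = 1_000;
const MAX_RESPONSE_BYTES: usize = 4 * 1024 * 1024;

#[derive(Debug, PartialEq)]
enum FetchError {
    TooManyDigests(usize),
    ResponseTooLarge,
}

/// Resolve peer-supplied digests against a local store, rejecting oversized requests early.
fn fetch_certificates<'a>(
    store: &'a HashMap<Digest, Vec<u8>>,
    digests: &[Digest],
) -> Result<Vec<&'a [u8]>, FetchError> {
    // Check the attacker-controlled count first, so no allocation scales with it.
    if digests.len() > MAX_DIGESTS {
        return Err(FetchError::TooManyDigests(digests.len()));
    }
    let mut seen = HashSet::with_capacity(digests.len());
    let mut out = Vec::with_capacity(digests.len());
    let mut total = 0usize;
    for d in digests {
        // Skip repeated digests so the same certificate is not returned twice.
        if !seen.insert(*d) {
            continue;
        }
        if let Some(cert) = store.get(d) {
            total += cert.len();
            if total > MAX_RESPONSE_BYTES {
                return Err(FetchError::ResponseTooLarge);
            }
            out.push(cert.as_slice());
        }
    }
    Ok(out)
}

fn main() {
    // Constructed sample data: one stored certificate and a 1.2M-digest request.
    let mut store = HashMap::new();
    store.insert([1u8; 32], vec![0u8; 1024]);
    let flood = vec![[9u8; 32]; 1_200_000];
    println!("{:?}", fetch_certificates(&store, &flood).map(|v| v.len()));
    println!("{:?}", fetch_certificates(&store, &[[1u8; 32]]).map(|v| v.len()));
}
```

Borrowing slices from the store keeps the response free of copies, so the byte cap bounds what would be serialized rather than what is allocated here.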