People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
The Threshold Network is a collection of services that use threshold cryptography, relying on multiple secret keepers. One of these services is tBTC, which bridges native assets. The mechanism it used to verify against the Bitcoin merkle root is busted.
The mechanism uses Simplified Payment Verification (SPV), a light-client verification scheme for Bitcoin. To verify a transaction, an SPV client only holds the merkle root and block hash, and uses a merkle proof to check that a given transaction is in the tree. This is similar to how IBC works.
SPV doesn't include the number of transactions. The hashed values are 32 bytes long, and the transactions the attack relies on are 64 bytes long. To get a leaf, we hash the transaction. To generate a non-leaf node, we concatenate its two child hashes and hash the result.
Because there is no tracking of the count and no delimiters between the data, it's possible to trick the system into thinking a raw transaction is in the tree when it actually isn't: the attacker adds an extra "transaction" below a node whose hashed value matches the value we want.
Within a transaction, much of the data is effectively random, but many fields are controlled by the attacker. This would require a lot of grinding, but it is feasible.
The developers knew about this exact issue, and it's even in Linux documentation. However, they deemed it unexploitable because it's only doable with transactions that are 64 bytes in size, which most are not. The bug hunter realized this was NOT the case: coinbase transactions could be used.
A malicious miner could create a 64-byte coinbase transaction that the network would accept. To fix the issue, a length check was added, along with actual validation of the coinbase proof itself.
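The ambiguity described above, as an added example (not code from the original post or from tBTC): a Bitcoin-style merkle tree in Python over constructed transactions, showing that the 64-byte pre-image of an inner node passes a naive SPV inclusion check as if it were a transaction one level lower, and the length check that rejects it.

```python
import hashlib

def dsha256(data: bytes) -> bytes:
    """Bitcoin's hash: SHA-256 applied twice, 32-byte output."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_levels(txs: list[bytes]) -> list[list[bytes]]:
    """All tree levels, leaves first; an odd last node is paired with itself."""
    levels = [[dsha256(tx) for tx in txs]]
    while len(levels[-1]) > 1:
        lvl = levels[-1] + ([levels[-1][-1]] if len(levels[-1]) % 2 else [])
        levels[-1] = lvl  # keep the padded copy so sibling lookups work
        levels.append([dsha256(lvl[i] + lvl[i + 1]) for i in range(0, len(lvl), 2)])
    return levels

def merkle_proof(txs: list[bytes], index: int) -> list[tuple[bytes, bool]]:
    """Sibling hashes from leaf to root as (sibling, sibling_is_left) pairs."""
    proof = []
    for lvl in merkle_levels(txs)[:-1]:
        sib = index ^ 1
        proof.append((lvl[sib], sib < index))
        index //= 2
    return proof

def verify_naive(raw_tx: bytes, proof, root: bytes) -> bool:
    """The SPV check as described: hash the raw tx, fold in the siblings.
    No leaf count and no delimiters, so a 64-byte blob that is really two
    concatenated child hashes verifies exactly like a transaction would."""
    node = dsha256(raw_tx)
    for sibling, is_left in proof:
        node = dsha256(sibling + node if is_left else node + sibling)
    return node == root

def verify_hardened(raw_tx: bytes, proof, root: bytes) -> bool:
    """The length check: 64 bytes is exactly an inner-node pre-image."""
    return len(raw_tx) != 64 and verify_naive(raw_tx, proof, root)

def forge_from_inner_node(txs: list[bytes], index: int):
    """Attacker's view of the flaw: the parent of leaf `index` has a 64-byte
    pre-image (left hash || right hash); present it as a 'transaction' with
    the leaf's proof minus its first step."""
    proof = merkle_proof(txs, index)
    sibling, is_left = proof[0]
    leaf = dsha256(txs[index])
    forged = sibling + leaf if is_left else leaf + sibling
    return forged, proof[1:]

# Constructed sample block: four made-up transactions, none 64 bytes long.
TXS = [b"tx0 alice->bob", b"tx1 bob->carol", b"tx2 carol->dave", b"tx3 dave->erin"]
ROOT = merkle_levels(TXS)[-1][0]
```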