Reproduction success (2).eml

MIME-Version: 1.0
Date: Tue, 26 Sep 2023 00:15:21 +0800
References: <CAK5+0FQS+4i2Ew0weiURMz3rzvcKKYbOOvny8zfLw4VMX_63xQ@mail.gmail.com>
	<CAGYWHoZxkXKgEBN=OX-dVYoUnMh7ZtD6kLN-xpBtrmY-bwOPhA@mail.gmail.com>
In-Reply-To: <CAGYWHoZxkXKgEBN=OX-dVYoUnMh7ZtD6kLN-xpBtrmY-bwOPhA@mail.gmail.com>
Message-ID: <CAK5+0FQx9qD2VGXjBzKLRaEpV1L97aMSCOxFC8r1OtMMaNXEZQ@mail.gmail.com>
Subject: Re: Reproduction success
From: Jacob Gadikian <jacob@notional.ventures>
To: Moshe Mizrahi <mo@amulet.dev>
Cc: security@interchain.io, syed@interchain.io
Content-Type: multipart/alternative; boundary="000000000000ba042e0606314370"

--000000000000ba042e0606314370
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

It's all in the GitHub repository that you have access to.

It is also all in slack.

Cosmos hub governance has approved notional as the incident response
provider and it would be cool to like actually work with you guys on this
but it just doesn't seem to be what's happened.

In order to execute the attack, you simply use the shell scripts found in
the readme file of the spammy repository.

GitHub.com/notional-labs/spammy

So far I have not tightened the attack. I believe that it would be possible
to fully deprive chains of block production.

It would be nice if we could work together in that slack channel, we may
have been able to respond more rapidly. The attack in total deprives the
chain of block production by simply spamming a 50 kilobyte transaction.

It was fully successful on the cosmos have testnet.



On Tue, Sep 26, 2023, 12:01 AM Moshe Mizrahi <mo@amulet.dev> wrote:

> Hey Jacob,
>
> Thanks for the update. If you can share your reproduction steps with us
> and/or any artifacts that could capture the state that would be great.  W=
e
> have several folks working on trying to reproduce this.
>
> Thanks,
> Mo
>
> On Mon, Sep 25, 2023 at 8:35=E2=80=AFAM Jacob Gadikian <jacob@notional.ve=
ntures>
> wrote:
>
>> Hi, I'm writing to let you know that I have successfully reproduced the
>> attack.
>>
>> To be very direct, the attack is a lot worse than I thought.
>>
>> In order to cut block production down to around 30 seconds per block, I
>> don't need to spend any gas at all.
>>
>> So this is without going multi-Wallet and it's honestly trivial.
>>
>>
>> --
>> You received this message because you are subscribed to the Google Group=
s
>> "security" group.
>> To unsubscribe from this group and stop receiving emails from it, send a=
n
>> email to security+unsubscribe@interchain.io.
>>
>

--000000000000ba042e0606314370
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"auto">It&#39;s all in the GitHub repository that you have acces=
s to.<div dir=3D"auto"><br></div><div dir=3D"auto">It is also all in slack.=
</div><div dir=3D"auto"><br></div><div dir=3D"auto">Cosmos hub governance h=
as approved notional as the incident response provider and it would be cool=
 to like actually work with you guys on this but it just doesn&#39;t seem t=
o be what&#39;s happened.</div><div dir=3D"auto"><br></div><div dir=3D"auto=
">In order to execute the attack, you simply use the shell scripts found in=
 the readme file of the spammy repository.</div><div dir=3D"auto"><br></div=
><div dir=3D"auto">GitHub.com/notional-labs/spammy</div><div dir=3D"auto"><=
br></div><div dir=3D"auto">So far I have not tightened the attack. I believ=
e that it would be possible to fully deprive chains of block production.</d=
iv><div dir=3D"auto"><br></div><div dir=3D"auto">It would be nice if we cou=
ld work together in that slack channel, we may have been able to respond mo=
re rapidly. The attack in total deprives the chain of block production by s=
imply spamming a 50 kilobyte transaction.</div><div dir=3D"auto"><br></div>=
<div dir=3D"auto">It was fully successful on the cosmos have testnet.</div>=
<div dir=3D"auto"><br></div><div dir=3D"auto"><br></div></div><br><div clas=
s=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Tue, Sep 26, 202=
3, 12:01 AM Moshe Mizrahi &lt;<a href=3D"mailto:mo@amulet.dev" target=3D"_b=
lank" rel=3D"noreferrer">mo@amulet.dev</a>&gt; wrote:<br></div><blockquote =
class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid=
;padding-left:1ex"><div dir=3D"auto">Hey Jacob,</div><div dir=3D"auto"><br>=
</div><div dir=3D"auto">Thanks for the update. If you can share your reprod=
uction steps with us and/or any artifacts that could capture the state that=
 would be great.=C2=A0 We have several folks working on trying to reproduce=
 this.=C2=A0</div><div dir=3D"auto"><br></div><div dir=3D"auto">Thanks,=C2=
=A0</div><div dir=3D"auto">Mo</div><div><br><div class=3D"gmail_quote"><div=
 dir=3D"ltr" class=3D"gmail_attr">On Mon, Sep 25, 2023 at 8:35=E2=80=AFAM J=
acob Gadikian &lt;jacob@notional.ventures&gt; wrote:<br></div><blockquote c=
lass=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;=
padding-left:1ex"><div dir=3D"auto">Hi, I&#39;m writing to let you know tha=
t I have successfully reproduced the attack.<div dir=3D"auto"><br></div><di=
v dir=3D"auto">To be very direct, the attack is a lot worse than I thought.=
</div><div dir=3D"auto"><br></div><div dir=3D"auto">In order to cut block p=
roduction down to around 30 seconds per block, I don&#39;t need to spend an=
y gas at all.=C2=A0</div><div dir=3D"auto"><br></div><div dir=3D"auto">So t=
his is without going multi-Wallet and it&#39;s honestly trivial.=C2=A0</div=
></div><div dir=3D"auto"><div dir=3D"auto"><br></div><div dir=3D"auto"><br>=
</div></div>

<p></p>

-- <br>
You received this message because you are subscribed to the Google Groups &=
quot;security&quot; group.<br>
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:security+unsubscribe@interchain.io" rel=3D"norefe=
rrer noreferrer" target=3D"_blank">security+unsubscribe@interchain.io</a>.<=
br>
</blockquote></div></div>
</blockquote></div>

--000000000000ba042e0606314370--