Skip to content
/ pkt-wedgie Public
forked from thekingbreaker/pkt-wedgie

Audit Report + Demonstration code for flaw found in the PKT Blockchain

0 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Joshua2504/pkt-wedgie

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
README.md
README.md
 
 
console_1.png
console_1.png
 
 
diag_1.png
diag_1.png
 
 
diag_2.png
diag_2.png
 
 

Repository files navigation

PKT Blockchain Audit Report (pkt-wedgie)

Hardnonce Bypass / Fake Announcement Production

audit performed by TheKingBreaker (github.com/thekingbreaker)

A concerning flaw has been identified in the PKT algorithm with regards to production/validation of announcement mining. The announcement mining relies on two levels of work (hard/soft). This flaw manages to skip the hard work part. It allows a miner to produce higher volume as well as fake announcements, effectively breaking the PKT blockchain consensus. In theory, should be fairly trivial for a cloud miner/carder to create their own private pool to take advantage of the higher volume of fake announcements. They can internal mine using a very low work target. It is also possible to create fake announcements at extremely high work targets, but the volume will be smaller.

Please refer to diagram below which shows how normal operation works using the standard packetcrypt-rs implementation. In order to search for valid announcements, the miner needs to perform hard round + soft round per thread.

Alt text

The hard round involves building a merkle tree containing 8192 randhash items.
This is performed for every new soft round, adding a throttle to the amount of announcements a miner can produce.
The issue with this design is that the block miner blindly accepts whatever merkle root hash that the announcement miner provides. The announcement miner can fake the 8192 items. In this demonstration we simply modify one item every round in order to force a new merkle root hash. This means the previously computed randhash items can be recycled (free) - only need to rebuild the merkle tree.

In the diagram below we can see how mining algorithm can be abused to create high volume of fake announcements. With this setup all threads only need a single hard round. The hard nonce value is no longer used - it can be set to whatever value the miner wants.

Alt text

This report comes along with sourcecode (src.7z release) that demonstrates this flaw in a live environment. The sourcecode is a modified version of packetcrypt-rs, it has been tweaked to make it easier to see how the flaw can be implemented.

To build:

CC=clang cargo --release --features jemalloc --features jit

To run

./target/release/packetcrypt ann http://pool.pkt.world/master/2048 --paymentaddr <your wallet here>

At a worktarget of 2048 it should start creating fake announcements fairly quickly. Once its up and running, wait a bit and you should see something like screenshot below:

Alt text

About

Audit Report + Demonstration code for flaw found in the PKT Blockchain

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published