Floppy disk guy is out with a new post about some vulnerabilities he found in bark and responsibly reported last week. Second has already rolled out fixes for these.

I found 2 vulnerabilities while reviewing bark this week since it was ready for mainnet:
  1. Nonce reuse on crash or restart — the wallet wrote its MuSig2 secret signing nonces to disk and re-used them after a restart. Reusing a MuSig2 nonce across signing sessions leaks the signer’s private key. A malicious Ark server could harvest the reuse and steal a user’s funds.
  2. Inverted HTLC expiry check — a sign-flipped comparison let a lightning recipient hold an Ark VTXO that expires after the inbound lightning HTLC. By claiming late, a receiver gets paid by the server while the server’s inbound payment dies. This drains the server (ASP).

I believe instagibbs (using the now unavailable Fable) also had a hand in spotting some of these:

source

As floppy says:

Both vulnerabilities were fixed within 24 hours of responsible disclosure. The Second team acknowledged it in the release notes for version bark-0.2.5.
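
To illustrate the nonce-reuse item above, here is an added example (not bark's code and not from the original post) showing why a secret nonce must be single-use and never reloaded from disk. It simplifies MuSig2 to a single-nonce Schnorr-style response over a toy modulus; `SecNonce`, `Signer` and the other names are hypothetical.

```rust
use std::collections::hash_map::RandomState;
use std::hash::{BuildHasher, Hasher};

// Toy prime group order (constructed for illustration; real MuSig2 uses secp256k1).
const N: u128 = 2_147_483_647;

/// Secret nonce. No Clone, Copy or serialization, so it cannot be stored and replayed.
pub struct SecNonce(u128);

pub struct Signer { secret: u128 }

impl Signer {
    /// Fresh nonce per session. Toy randomness from std's OS-seeded hasher;
    /// real code must draw from a CSPRNG.
    pub fn new_nonce(&self) -> SecNonce {
        SecNonce(1 + (RandomState::new().build_hasher().finish() as u128) % (N - 1))
    }
    /// Takes the nonce by value, so the compiler rejects a second signature with it.
    pub fn partial_sign(&self, nonce: SecNonce, challenge: u128) -> u128 {
        (nonce.0 + (challenge % N) * self.secret) % N
    }
}

/// Modular exponentiation, used for the inverse via Fermat's little theorem.
fn pow_mod(mut b: u128, mut e: u128) -> u128 {
    let mut r = 1;
    b %= N;
    while e > 0 {
        if e & 1 == 1 { r = r * b % N; }
        b = b * b % N;
        e >>= 1;
    }
    r
}

/// Why reuse is fatal: if two responses share a nonce k, then
/// s1 - s2 = (e1 - e2) * x (mod N), and k cancels out of the equation.
pub fn secret_from_reused_nonce(s1: u128, e1: u128, s2: u128, e2: u128) -> Option<u128> {
    let de = (e1 % N + N - e2 % N) % N;
    if de == 0 { return None; } // identical challenges reveal nothing new
    let ds = (s1 % N + N - s2 % N) % N;
    Some(ds * pow_mod(de, N - 2) % N)
}

fn main() {
    let signer = Signer { secret: 123_456_789 };
    let s = signer.partial_sign(signer.new_nonce(), 42);
    println!("partial signature with a single-use nonce: {s}");
}
```

Because `partial_sign` consumes the `SecNonce`, a restart has nothing to reload: the safe recovery path is to abort the session and generate new nonces.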