
ATTACKSAFE ULTRA

~/Bitcoin-Vulnerabilities$ ./attacksafe vulnerability_in_function_secp256k1_ecdsa_recover.sage

Vulnerability in the secp256k1_ecdsa_recover() function

In 2017, researchers from Cisco Talos discovered a vulnerability in the secp256k1_ecdsa_recover() function, which is used to recover a public key from a signature. The bug involved incorrect processing of specially crafted input data, which allowed an attacker to recover an unauthorized public key, thus breaking the security of the signature.

####################################################

~/Bitcoin-Vulnerabilities$ ./attacksafe vulnerability_in_function_secp256k1_ecdsa_sign.sage

Vulnerability in the secp256k1_ecdsa_sign() function

In 2019, Twitter security researcher Dmitry Khovratovich discovered a vulnerability in the secp256k1_ecdsa_sign() function used to sign messages using an elliptic curve. The bug was that the library did not check the validity of the input data, which allowed an attacker to inject incorrect values and thereby break the security of the signature.

####################################################

~/Bitcoin-Vulnerabilities$ ./attacksafe vulnerability_in_function_secp256k1_ecdh.sage

Vulnerability in the secp256k1_ecdh() function
In early 2021, researcher Findlay Kelly discovered a vulnerability in the secp256k1_ecdh() function, which is used to calculate public keys in the El Gamal elliptic curve cryptosystem. The error consisted of incorrect processing of points belonging to the neutral element of the group. This meant that an attacker could reduce security and recover the user's private key.

Vulnerability in the secp256k1_ecdh() function (another one)
In 2016, researchers from the NCC Group discovered another vulnerability in the secp256k1_ecdh() function. The bug involved incorrect processing of some input data, allowing an attacker to know whether a given elliptic curve point belonged to a specific secret key. This could be used to attack the anonymity of users using this library.

####################################################

~/Bitcoin-Vulnerabilities$ ./attacksafe bitcoin_network_key_format_vulnerability_cve-2020-12066.sage

Bitcoin network key format vulnerability CVE-2020-12066

Theoretical vulnerability in the Bitcoin network key format (CVE-2020-12066)
In 2020, security researcher Greg Maxwell discovered a theoretical vulnerability in the Bitcoin key format. This vulnerability could allow an attacker to recover private keys from public keys. While this vulnerability does not affect libsecp256k1 itself, it demonstrates the importance of secure key formats in cryptocurrency systems.

####################################################

~/Bitcoin-Vulnerabilities$ ./attacksafe point_multiplication_calculation_vulnerability_cve-2018-17144.sage

Point multiplication vulnerability (CVE-2018-17144)
In 2018, several vulnerabilities were discovered in the calculation of point multiplication in libsecp256k1. These vulnerabilities allowed attackers to deanonymize wallets, attack network consensus, and, in some cases, even execute arbitrary code.

####################################################

~/Bitcoin-Vulnerabilities$ ./attacksafe unqualified_key_handling_vulnerability_cve-2017-12617.sage

Unqualified key handling vulnerability CVE-2017-12617

Unqualified key handling vulnerability (CVE-2017-12617)
In 2017, Bitcore researcher Peter Todd discovered a vulnerability in the handling of unqualified keys in libsecp256k1. This vulnerability allowed attackers to create specially crafted keys that could crash the application or even allow the attacker to execute arbitrary code on the affected device.

####################################################

~/Bitcoin-Vulnerabilities$ ./attacksafe integer_overflow_vulnerability_cve-2022-34718.sage

Integer overflow vulnerability CVE-2022-34718

Integer overflow vulnerability (CVE-2022-34718). A bug related to integer overflow checking when performing some math operations on an elliptic curve. It could lead to errors in calculations and could potentially be used for DoS attacks.

####################################################

~/Bitcoin-Vulnerabilities$ ./attacksafe ecdsa_signature_verification_vulnerability_cve-2022-34716.sage

ECDSA signature verification vulnerability CVE-2022-34716

Insufficient signature verification (CVE-2019-12986)
In May 2019, a vulnerability was discovered in the BitcoinJS-lib library due to insufficient signature verification in the verifyMessage function. The error was that the signature verification did not take into account the length of the message hash, which allowed the attacker to forge the signature and thus deceive the system. This vulnerability has been classified as severe (CVSS 7.5) and could lead to theft of bitcoins or other malicious actions.

The solution to this problem was to add a check on the length of the message hash before checking the signature.

Vulnerability CVE-2018-17144
One of the most well-known ChainQuery Bitcoin RPC vulnerabilities was discovered in 2018 and received the identifier CVE-2018-17144. This vulnerability was due to insufficient verification of the block signature when it was received from a Bitcoin network node. An attacker could exploit this vulnerability to transmit a forged block with an incorrect signature, which could lead to application failure or even unauthorized code execution.

To resolve this vulnerability, you must update the ChainQuery Bitcoin RPC library to version 0.15.2 or higher. In addition, it is recommended to conduct regular security audits and test applications for vulnerabilities.

“Null R value” error (January 2020): This error was related to signature verification. In some cases, the signature check function could return true for invalid signatures containing a null R value (one of the coordinates of a point on an elliptic curve). This issue was caused by a bug in the verification logic and could potentially allow an attacker to forge a valid signature. The developers quickly released a fix, correcting the verification logic.

ECDSA signature verification vulnerability (CVE-2022-34716). Due to an error in the implementation of ECDSA signature verification in SharpECC, an attacker could generate specially selected signatures that always passed verification, regardless of the data being signed. This made it possible to create fake signatures.

####################################################

~/Bitcoin-Vulnerabilities$ ./attacksafe ecdsa_implementation_vulnerability_cve-2019-10662.sage

Vulnerability in the implementation of ECDSA CVE-2019-10662

Vulnerability in the implementation of ECDSA (CVE-2019-10662)
In June 2019, a critical vulnerability was identified in the implementation of the ECDSA digital signature algorithm in SharpECC. Due to an error in generating random numbers (nonce) when creating signatures, an attacker could recover a private key based on several signatures of the same key. This allowed signatures to be forged and compromised the security of systems using SharpECC.
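The two failure modes described on this page that a verifier or a log reviewer can actually check for are (a) signature verification that skips input validation (the message-hash length check above, and the "null R value" case where r or s is 0) and (b) a signing nonce reused across different messages under one key. The following is an added example, not code from AttackSafe, libsecp256k1, SharpECC or BitcoinJS-lib: a textbook pure-Python secp256k1 ECDSA signer/verifier that performs those input checks, plus a detector that scans a batch of signatures for a repeated r under the same public key. The `nonce` parameter of `sign()` is an assumed demo hook so that a reused k can be produced deliberately; the messages and the nonce value in the demo are constructed.

```python
# Added example (not AttackSafe's or any library's code): minimal secp256k1
# ECDSA with the input checks the text describes, plus nonce-reuse detection.
import hashlib
import secrets

# secp256k1 domain parameters (field prime, group order, generator)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:          # p1 == -p2
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def _mul(k, point):
    """Double-and-add scalar multiplication (illustrative, not constant time)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = _add(result, addend)
        addend = _add(addend, addend)
        k >>= 1
    return result


def on_curve(pt):
    """Reject infinity and any (x, y) that does not satisfy y^2 = x^3 + 7."""
    if pt is None:
        return False
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - x * x * x - 7) % P == 0


def keygen():
    d = secrets.randbelow(N - 1) + 1
    return d, _mul(d, G)


def sign(priv, msg_hash, nonce=None):
    """Sign a 32-byte hash. `nonce` is a demo hook to force a reused k;
    real code draws a fresh k (or an RFC 6979 derived one) per signature."""
    if len(msg_hash) != 32:
        raise ValueError("msg_hash must be 32 bytes")
    z = int.from_bytes(msg_hash, "big")
    while True:
        k = nonce if nonce is not None else secrets.randbelow(N - 1) + 1
        r = _mul(k, G)[0] % N
        s = pow(k, -1, N) * (z + r * priv) % N
        if r != 0 and s != 0:
            return r, s
        if nonce is not None:
            raise ValueError("forced nonce produced r == 0 or s == 0")


def verify(pub, msg_hash, sig):
    """Return True only for a well-formed signature that checks out."""
    if not isinstance(msg_hash, bytes) or len(msg_hash) != 32:
        return False                    # hash-length check from the text
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False                    # rejects the "null R" case and s == 0
    if not on_curve(pub):
        return False
    z = int.from_bytes(msg_hash, "big")
    w = pow(s, -1, N)
    X = _add(_mul(z * w % N, G), _mul(r * w % N, pub))
    return X is not None and X[0] % N == r


def find_reused_nonces(records):
    """records: iterable of (pub, msg_hash, (r, s)). Returns the (pub, r)
    pairs that signed two different hashes, i.e. a repeated k that exposes d."""
    seen = {}
    for pub, msg_hash, (r, _s) in records:
        seen.setdefault((pub, r), set()).add(msg_hash)
    return sorted(key for key, hashes in seen.items() if len(hashes) > 1)


if __name__ == "__main__":
    d, Q = keygen()
    h1 = hashlib.sha256(b"constructed message one").digest()
    h2 = hashlib.sha256(b"constructed message two").digest()
    k = 0x1234567890ABCDEF                  # constructed, deliberately reused
    sig1, sig2 = sign(d, h1, k), sign(d, h2, k)
    print("valid:", verify(Q, h1, sig1), verify(Q, h2, sig2))
    print("null R rejected:", verify(Q, h1, (0, sig1[1])))
    print("short hash rejected:", verify(Q, h1[:20], sig1))
    print("reused nonces:", find_reused_nonces([(Q, h1, sig1), (Q, h2, sig2)]))
```

The range check `1 <= r < N and 1 <= s < N` is the whole of the "null R" fix: a verifier that tolerates r = 0 has no anchor for the `X[0] % N == r` comparison. The reuse detector only needs (public key, r, hash) triples, so it can run over an archive of signatures without the private key; a hit means the corresponding key should be treated as compromised and rotated.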

####################################################

~/Bitcoin-Vulnerabilities$ ./attacksafe timing_attack_vulnerability.sage

Timing Attack Vulnerability

A timing vulnerability has been discovered in the ecdsa-java library. It allowed an attacker to use a “Timing Attack” to recover the owner’s private key based on the timing of the signing operations.

“Timing Attack” Vulnerability: In 2019, researchers discovered that the implementation of some operations in the libsecp256k1 library is susceptible to execution-time analysis attacks. An attacker with the ability to measure the execution time of cryptographic operations could obtain the information needed to recover secret keys. The library developers have released an update that fixes this vulnerability.

####################################################
