denial of service

16 Articles


Nebulas – String Repeat Crash

11 Oct 2020 4 minute read 5 comments art_of_bug

Welcome to our next episode. Today we close Nebulas. The project failed to fix the vulnerabilities we reported previously, and there was no official response to our attempts to contact its team. In at least one case a moderator of its subreddit deleted o...

IOST – ArrayBufferAllocator Reusing Problem

12 Sep 2020 6 minute read 3 comments art_of_bug

Welcome back. Today we come back again to IOST. And again, today's report is on an already fixed vulnerability allowing the attacker to critically damage the whole network by just sending calls to a specially crafted contract. The proof of knowledge is...

Nebulas – Exhausting Disk Space Using Contract Logging

11 Aug 2020 4 minute read 4 comments art_of_bug

Welcome to our next episode. Today we continue with Nebulas which goes, slowly but steadily, towards being the worst project we have ever analyzed. Why is that? It's because we still haven't received any reply to any of our attempts at contacting the...

IOST – Timed Out Transaction Validation Problem

19 Jul 2020 7 minute read 2 comments art_of_bug

Welcome back. Today we come back to IOST. As we mentioned before, the IOST team contacted us and we've been working together since. Today's report is on an already fixed vulnerability allowing the attacker to critically damage the whole network with just sen...

Nebulas – Using WebAssembly To Bypass Gas Counter

21 Jun 2020 6 minute read 5 comments art_of_bug

Welcome to our next episode. Today we open Nebulas. Similarly to IOST, this blockchain project uses Google's V8 JavaScript engine in order to allow smart contracts to be written in JavaScript. Speaking of IOST, after the initial disappointment due to...

IOST – Unchecked JavaScript Class Crashes Miners

15 Apr 2020 4 minute read 0 comments art_of_bug

Welcome to our next episode. During recent weeks we have spent a lot of time analysing IOST. Unlike the previous projects we have analysed so far, this one is not based on the code of Bitcoin. Therefore there was much more to analyse than before. On...

Denial of Service (DOS) on Wifi using Ostinato Linux

10 Apr 2020 1 minute read 0 comments 0fajarpurnama0

I will create a separate software installation page. Install Ostinato packet generator and all updates: http://software.opensuse.org/download.html?project=home:pstavirs:ostinato&package=ostinato I use Ubuntu 12.04 LTS sudo echo 'deb http://download....

Denial of Service (DOS) on Wifi using CommView Windows

9 Apr 2020 2 minute read 0 comments 0fajarpurnama0

In my opinion DOS is hacking which prevents other users from doing activities on the network. Here I will demonstrate DOS on a wifi using CommView for WIFI on Windows. Downloading CommView Download the program first and install. It is recommended on...

Qtum – Bypassing Header Spam Protection

14 Mar 2020 19 minute read 0 comments art_of_bug

Good to see you again. Today we disclose our third report on Qtum. Previously we have published two articles discussing bypassing protection against header spam (aka Fake Stake) attack and a bug in Qtum regarding setStakeSeen mechanism. Today we pres...

Syscoin – Unhandled Exception in RLP Constructor

16 Feb 2020 10 minute read 0 comments art_of_bug

Nice to see you again. Today we are back to Syscoin. Previously we have published two submissions to the bounty related to the implementation of Sysethereum bridge. Today we present a vulnerability that we found before working on the mentioned bounty...