denial of service

16 Articles 0 Followers


Neblio – Orphans Memory Leak

19 Jan 2020 4 minute read 4 comments art_of_bug

Welcome again. This is probably the last time we write about Neblio. We could create new and new reports because its code is incredibly buggy, but it makes no sense given the attitude of the Neblio development team. So, just to prove the point, here...

Qtum (fixed) & NavCoin (not fixed) – Direct Block Propagation mapBlockIndex DoS

26 Dec 2019 8 minute read 0 comments art_of_bug

Welcome to the next episode. In September we have published NavCoin – Bypassing Header Spam Protection, which was a denial of service attack against the header spam filter in NavCoin. As far as we know, this issue has not been fixed in NavCoin yet. A...

Neblio – Instant Node Crash Using VerifyInputsUnspent

31 Oct 2019 5 minute read 1 comment art_of_bug

Welcome back. Last time we explained how Neblio's attempt to fix the DoS vulnerability we reported many months ago did not actually work and that it only addressed our specific exploit implementation. We explained how to perform this attack against t...

Qtum – setStakeSeen Mistake

29 Sep 2019 7 minute read 0 comments art_of_bug

Welcome back. Today we open Qtum. We started to participate in Qtum's bug bounty program many months ago and we already submitted several findings there, all of which have been accepted. Today we present one of the vulnerabilities that have been fixe...

Emercoin – Bypassing POS Temperature

28 Jul 2019 8 minute read 2 comments art_of_bug

Welcome to the next episode. Last time we discussed Emercoin's 51% attack and the related hardfork. We mentioned that there were more vulnerabilities we have discussed with Emercoin's team. Today we present one of the issues that we reported. It has...

Particl – Using Spent Kernel To Split the Network

29 Jun 2019 11 minute read 8 comments art_of_bug

Welcome again. It took us a while to get back. The reasons are both simple and sad – communication with Altcoin vendors is very difficult and slow. Many Altcoins do not have any vulnerability policy in place. You have no idea who to contact and you h...