Vulnerability Found In Babylon Staking Code Could Slow Block
A newly discovered vulnerability may enable malicious validators to omit the hash field when posting blocks, leading to validator crashes and slowing block production.
A newly disclosed software flaw in the Bitcoin staking protocol Babylon may allow malicious validators to disrupt parts of the network’s consensus process, potentially slowing block production during key periods, according to developers.
The vulnerability affects Babylon’s block signature scheme, known as the BLS vote extension, which is used to prove that validators have agreed on a block.
The bug enables malicious validators to intentionally omit the block hash field when sending their vote extension, which could lead to validator consensus issues at the network’s epoch boundaries, according to a GitHub post published on Thursday.
The block hash field tells validators which blocks they are actually voting for during the consensus process.
Through the vulnerability, a malicious validator could theoretically crash other validators during key consensus checks at epoch boundaries, leading to a slowdown in block production if multiple validators were affected.
“Intermittent validator crashes at epoch boundaries, which would slow down the creation of the epoch boundary block,” wrote pseudonymous contributor GrumpyLaurie55348, who discovered the vulnerability. “Babylon then dereferences this nil pointer in consensus-critical code paths (notably VerifyVoteExtension, and also proposal-time vote verification), causing a runtime panic,” they added.
Cointelegraph has reached out to Babylon for comment on the potential impact and resolutions to the vulnerability, but had not received a response by publication.
The bug has not been described as actively exploited, but developers warned it could be abused if left unresolved.
Source: CoinTelegraph