Bug Description
Description:
The sync handler in main.py:119 guards against untrusted peers with:
    if chain.state.accounts and not (is_trusted or is_localhost):
        return
When a node starts fresh, chain.state.accounts is an empty dict {},
which is falsy in Python. The guard is never taken on a newly started node
— any untrusted peer can inject arbitrary account balances into the ledger
with zero mining or cryptographic proof.
Impact:
Critical — any peer on the network can grant themselves arbitrary coin
balances on a freshly started node, completely bypassing Proof-of-Work
and all cryptographic validation.
Fix:
    if not (is_trusted or is_localhost):
        logger.warning("Rejected sync from untrusted peer %s", peer_addr)
        return
Steps to Reproduce
- Start a fresh MiniChain node (empty state, no accounts yet)
- From any untrusted peer, send this message:
  {"type":"sync","data":{"accounts":{"<attacker_address>":{"balance":999999999,"nonce":0,"code":null,"storage":{}}}}}
- Node accepts the payload and stores 999,999,999 coins for the attacker
Logs and Screenshots
Verified via static code analysis:
main.py:119
    if chain.state.accounts and not (is_trusted or is_localhost):
        return
When chain.state.accounts == {} (empty dict), Python evaluates this as:
    if False and not (...):  → guard is skipped entirely
main.py:134
    chain.state.accounts[addr] = acc  ← attacker balance written with no auth check
Environment Details
File: main.py
Lines: 117–134
Language: Python
Component: P2P sync handler
Impact
Critical - Application is unusable
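
A minimal model of the two guards quoted in this report, added here as an example and not taken from MiniChain's code: `apply_sync`, `guard_matrix`, the logger name and the sample address are hypothetical stand-ins for the handler around main.py:119–134. It enumerates every combination of empty/populated state and peer trust, showing that the original guard's decision depends on local state while the proposed fix depends only on the peer.

```python
import logging

logger = logging.getLogger("minichain.sync")  # assumed logger name

def guard_original(accounts, is_trusted, is_localhost):
    """Guard as quoted from main.py:119. Returns True if the sync is rejected."""
    if accounts and not (is_trusted or is_localhost):
        return True
    return False

def guard_fixed(accounts, is_trusted, is_localhost, peer_addr="?"):
    """Guard from the proposed fix: the decision ignores local state."""
    if not (is_trusted or is_localhost):
        logger.warning("Rejected sync from untrusted peer %s", peer_addr)
        return True
    return False

def apply_sync(accounts, payload, guard, is_trusted=False, is_localhost=False):
    """Simplified stand-in for the sync handler: run the guard, then merge.
    Returns the number of accounts written into `accounts`."""
    if guard(accounts, is_trusted, is_localhost):
        return 0
    written = 0
    for addr, acc in payload["data"]["accounts"].items():
        accounts[addr] = acc  # corresponds to the write at main.py:134
        written += 1
    return written

def guard_matrix(guard):
    """Map (state_empty, is_trusted, is_localhost) -> rejected?"""
    out = {}
    for empty in (True, False):
        for trusted in (False, True):
            for local in (False, True):
                accounts = {} if empty else {"existing": {"balance": 1}}
                out[(empty, trusted, local)] = guard(accounts, trusted, local)
    return out

# Constructed sample message with the same shape as the one in the report.
SAMPLE = {"type": "sync", "data": {"accounts": {"untrusted_peer_addr": {
    "balance": 999999999, "nonce": 0, "code": None, "storage": {}}}}}

if __name__ == "__main__":
    for name, g in (("original", guard_original), ("fixed", guard_fixed)):
        n = apply_sync({}, SAMPLE, g)
        print(f"{name}: fresh node, untrusted peer -> {n} account(s) written")
        print(f"{name}: {guard_matrix(g)}")
```

A regression test for this handler should start from an empty state, since a test that pre-populates accounts exercises only the branch where the original guard already rejects.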