@clemensgg
Last active June 26, 2024 14:55
IBC relayer spam

IBC memo spamming incident report:

2024/06/17: cosmoshub-osmosis (0-141)
spammed with over 30k packets carrying large memos

https://x.com/gadikian/status/1802637809871990908?t=YTOaZ4Qr8XmowwJhazn7IQ&s=19
https://www.mintscan.io/osmosis/tx/05328B81D051D0E71D4DB530665F97D83FA5286404E6677B39DA0B234C6FE7B2?height=16843794

characteristics of the txns: large size, relatively low gas cost

  • ~2M GAS
  • ~431.23 KB total tx size
  • memo: 5.15 KB
"{\"forward\":{\"receiver\":\"Jacob, you aren’t a security researcher. This is a long standing issue in the codebase with many existing mitigations. Your months long campaign of self aggrandizement using threats holding yourself up as the only hero helping is self destructive and transparently self serving. Your refusal to work with core teams in a productive manner is part and parcel of a pattern of destructive behavior that we as a community cannot continue to countenance. Please take this conversation to another channel.Jacob, you aren’t a security researcher. This is a long standing issue in the codebase with many existing mitigations. Your months long campaign of self aggrandizement using threats holding yourself up as the only hero helping is self destructive and transparently self serving. Your refusal to work with core teams in a productive manner is part and parcel of a pattern of destructive behavior that we as a community cannot continue to countenance. Please take this conversation to another channel.Jacob, you aren’t a security researcher. This is a long standing issue in the codebase with many existing mitigations. Your months long campaign of self aggrandizement using threats holding yourself up as the only hero helping is self destructive and transparently self serving. Your refusal to work with core teams in a productive manner is part and parcel of a pattern of destructive behavior that we as a community cannot continue to countenance. Please take this conversation to another channel.Jacob, you aren’t a security researcher. This is a long standing issue in the codebase with many existing mitigations. Your months long campaign of self aggrandizement using threats holding yourself up as the only hero helping is self destructive and transparently self serving. Your refusal to work with core teams in a productive manner is part and parcel of a pattern of destructive behavior that we as a community cannot continue to countenance. 
Please take this conversation to another channel.Jacob, you aren’t a security researcher. This is a long standing issue in the codebase with many existing mitigations. Your months long campaign of self aggrandizement using threats holding yourself up as the only hero helping is self destructive and transparently self serving. Your refusal to work with core teams in a productive manner is part and parcel of a pattern of destructive behavior that we as a community cannot continue to countenance. Please take this conversation to another channel.Jacob, you aren’t a security researcher. This is a long standing issue in the codebase with many existing mitigations. Your months long campaign of self aggrandizement using threats holding yourself up as the only hero helping is self destructive and transparently self serving. Your refusal to work with core teams in a productive manner is part and parcel of a pattern of destructive behavior that we as a community cannot continue to countenance. Please take this conversation to another channel.Jacob, you aren’t a security researcher. This is a long standing issue in the codebase with many existing mitigations. Your months long campaign of self aggrandizement using threats holding yourself up as the only hero helping is self destructive and transparently self serving. Your refusal to work with core teams in a productive manner is part and parcel of a pattern of destructive behavior that we as a community cannot continue to countenance. Please take this conversation to another channel.Jacob, you aren’t a security researcher. This is a long standing issue in the codebase with many existing mitigations. Your months long campaign of self aggrandizement using threats holding yourself up as the only hero helping is self destructive and transparently self serving. Your refusal to work with core teams in a productive manner is part and parcel of a pattern of destructive behavior that we as a community cannot continue to countenance. 
Please take this conversation to another channel.Jacob, you aren’t a security researcher. This is a long standing issue in the codebase with many existing mitigations. Your months long campaign of self aggrandizement using threats holding yourself up as the only hero helping is self destructive and transparently self serving. Your refusal to work with core teams in a productive manner is part and parcel of a pattern of destructive behavior that we as a community cannot continue to countenance. Please take this conversation to another channel.Jacob, you aren’t a security researcher. This is a long standing issue in the codebase with many existing mitigations. Your months long campaign of self aggrandizement using threats holding yourself up as the only hero helping is self destructive and transparently self serving. Your refusal to work with core teams in a productive manner is part and parcel of a pattern of destructive behavior that we as a community cannot continue to countenance. Please take this conversation to another channel.\",\"port\":\"transfer\",\"channel\":\"channel-569\",\"timeout\":\"12h\",\"retries\":10,\"next\":{\"receiver\":\"cosmos1h3pnkamn8wx6sxv09ehw64efwecx2fq28tl8rx\",\"port\":\"transfer\",\"channel\":\"channel-0\",\"timeout\":\"10m\",\"retries\":2}}}"

ibc receiver:

up to 11 receivers, bech32-encoded string data (PFM does a bech32 validation), each ~7.82 KB


This was enough to significantly degrade network performance on Osmosis (by ~3x) for about 1h

Mitigation:

We can filter packets in hermes in various ways:

e.g. filter out all packets with

  • a memo > 4kB
  • a receiver field > 2kB

config.toml:

# Set the maximum size for the memo field in ICS20 packets.
# If the size of the memo field is bigger than the configured
# one, the packet will not be relayed.
# The filter can be disabled by setting `enabled = false`.
# [Default: "32KiB"]
ics20_max_memo_size = { enabled = true, size = "4KiB" }
# Set the maximum size for the receiver field in ICS20 packets.
# If the size of the receiver field is bigger than the configured
# one, the packet will not be relayed.
# The filter can be disabled by setting `enabled = false`.
# [Default: "2KiB"]
ics20_max_receiver_size = { enabled = true, size = "2KiB" }

ref: https://github.com/informalsystems/hermes/blob/8da7082632a7f699e689906aa4dde735bba25a72/config.toml#L82C1-L88C1

^ this should currently suffice even for larger valid (user-initiated) packets, e.g. PFM / Squid Router / Circle CCTP msgs.
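To make the two hermes filters above concrete, here is an added Go example (written for this report, not hermes or ibc-go code) that parses ICS20 packet data, applies the same 4 KiB memo / 2 KiB receiver limits, and runs them over constructed packets: an ordinary transfer, a legitimate PFM forward, a packet carrying a ~5 KB forward memo shaped like the spam above, and one with an oversized receiver field. Field names follow the ICS20 FungibleTokenPacketData JSON; all addresses, channel ids and filler text are constructed placeholders.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// FungibleTokenPacketData mirrors the ICS20 packet data JSON fields
// (denom, amount, sender, receiver, memo).
type FungibleTokenPacketData struct {
	Denom    string `json:"denom"`
	Amount   string `json:"amount"`
	Sender   string `json:"sender"`
	Receiver string `json:"receiver"`
	Memo     string `json:"memo,omitempty"`
}

// Limits mirrors the two hermes filters (ics20_max_memo_size and
// ics20_max_receiver_size). Sizes are bytes; 0 disables a check,
// like `enabled = false` in config.toml.
type Limits struct {
	MaxMemoBytes     int
	MaxReceiverBytes int
}

var ErrMemoTooLarge = errors.New("memo exceeds configured limit")
var ErrReceiverTooLarge = errors.New("receiver exceeds configured limit")

// ShouldRelay parses raw ICS20 packet data and applies the size filters.
// It returns nil when the packet should be relayed, otherwise the reason to drop it.
func ShouldRelay(raw []byte, lim Limits) error {
	var pd FungibleTokenPacketData
	if err := json.Unmarshal(raw, &pd); err != nil {
		return fmt.Errorf("not ICS20 packet data: %w", err)
	}
	if lim.MaxReceiverBytes > 0 && len(pd.Receiver) > lim.MaxReceiverBytes {
		return fmt.Errorf("%w: %d > %d bytes", ErrReceiverTooLarge, len(pd.Receiver), lim.MaxReceiverBytes)
	}
	if lim.MaxMemoBytes > 0 && len(pd.Memo) > lim.MaxMemoBytes {
		return fmt.Errorf("%w: %d > %d bytes", ErrMemoTooLarge, len(pd.Memo), lim.MaxMemoBytes)
	}
	return nil
}

// buildForwardMemo constructs a PFM-style forward memo with the same shape as the
// incident memo. The addresses and channels are constructed sample values.
func buildForwardMemo(receiver string) string {
	memo := map[string]any{
		"forward": map[string]any{
			"receiver": receiver,
			"port":     "transfer",
			"channel":  "channel-569",
			"timeout":  "12h",
			"retries":  10,
			"next": map[string]any{
				"receiver": "cosmos1placeholderreceiver0000000000000000000",
				"port":     "transfer",
				"channel":  "channel-0",
				"timeout":  "10m",
				"retries":  2,
			},
		},
	}
	b, _ := json.Marshal(memo)
	return string(b)
}

// SamplePackets returns constructed ICS20 packets: a plain transfer, a legitimate
// PFM forward, a spam-like packet with a ~5.6 KB receiver text inside the forward
// memo, and a packet with an 8000-byte receiver field.
func SamplePackets() map[string][]byte {
	filler := strings.Repeat("spam filler text, repeated. ", 200) // 28 bytes * 200 = 5600 bytes
	mk := func(receiver, memo string) []byte {
		b, _ := json.Marshal(FungibleTokenPacketData{
			Denom: "uatom", Amount: "1000",
			Sender:   "cosmos1placeholdersender000000000000000000000",
			Receiver: receiver, Memo: memo,
		})
		return b
	}
	normalReceiver := "osmo1placeholderreceiver00000000000000000000"
	return map[string][]byte{
		"plain":        mk(normalReceiver, ""),
		"pfm":          mk(normalReceiver, buildForwardMemo("cosmos1placeholderreceiver0000000000000000000")),
		"big-memo":     mk(normalReceiver, buildForwardMemo(filler)),
		"big-receiver": mk(strings.Repeat("osmo1", 1600), ""), // 8000 bytes
	}
}

// FilterBatch applies ShouldRelay to every packet and reports which would be
// relayed plus the number dropped; the drop count is a simple signal an operator
// can log or alert on during an incident like this one.
func FilterBatch(packets map[string][]byte, lim Limits) (relayed map[string]bool, dropped int) {
	relayed = make(map[string]bool, len(packets))
	for name, raw := range packets {
		err := ShouldRelay(raw, lim)
		relayed[name] = err == nil
		if err != nil {
			dropped++
		}
	}
	return relayed, dropped
}

func main() {
	lim := Limits{MaxMemoBytes: 4 * 1024, MaxReceiverBytes: 2 * 1024}
	for name, raw := range SamplePackets() {
		if err := ShouldRelay(raw, lim); err != nil {
			fmt.Printf("%-12s drop: %v\n", name, err)
		} else {
			fmt.Printf("%-12s relay\n", name)
		}
	}
}
```

With the 4 KiB / 2 KiB limits the plain transfer and the legitimate PFM forward (a few hundred bytes) relay, while both spam-shaped packets are dropped; setting a limit to 0 mirrors `enabled = false` and lets everything through.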

bump max_gas to 100M for osmosis in hermes config

^ run with these settings and with channel clearing deactivated so that new packets are handled.

Osmosis fix for EIP-1559: v25.1.0

IBC v8 field length check was backported to v7

💥 New Releases:

v7.6.0 introduces size limits on the memo field and receiver field in IBC packets, back-ported from the v8 release line.
