Cardano (Mithril), Inconsistent Snapshot Verification, CVE-2023-XXXX (Critical)

The Mithril network enables fast Cardano node bootstrapping by providing certified database snapshots. The vulnerability lies in how Mithril computes the multi-signature for a snapshot: certain files (the last immutable file and the ledger state) are excluded from what is signed, so verification does not cover them. A tampered ledger state can therefore go undetected during node startup, where only lightweight checks are performed. An attacker could exploit this by distributing malicious snapshots via a compromised aggregator, leading to undetected long-range attacks.
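
The coverage gap described above, as an added Python example that is not Mithril's code: a simplified digest (SHA-256 over file paths and contents, an assumption) is computed over a constructed snapshot directory with and without the excluded files, and `uncovered_files` lists what a signature over the partial digest does not protect. The `immutable/` and `ledger/` layout, the file names and all function names are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def covered_files(db: Path, full: bool) -> list:
    """Files feeding the certified digest (simplified model, not Mithril's algorithm)."""
    files = sorted(p for p in db.rglob("*") if p.is_file())
    if full:
        return files
    immutable = [p for p in files if p.parent.name == "immutable"]
    # Assumption: the "last immutable file" is the highest-numbered chunk trio.
    last = max((p.stem for p in immutable), default=None)
    return [p for p in immutable if p.stem != last]

def snapshot_digest(db: Path, full: bool) -> str:
    h = hashlib.sha256()
    for p in covered_files(db, full):
        h.update(p.relative_to(db).as_posix().encode())
        h.update(hashlib.sha256(p.read_bytes()).digest())
    return h.hexdigest()

def uncovered_files(db: Path) -> list:
    """Relative paths present in the snapshot but outside the partial digest."""
    covered = set(covered_files(db, full=False))
    return sorted(p.relative_to(db).as_posix()
                  for p in db.rglob("*") if p.is_file() and p not in covered)

def build_sample(db: Path) -> None:
    """Constructed sample snapshot: two immutable trios and one ledger state file."""
    (db / "immutable").mkdir(parents=True)
    (db / "ledger").mkdir()
    for n in ("00000", "00001"):
        for ext in ("chunk", "primary", "secondary"):
            (db / "immutable" / f"{n}.{ext}").write_bytes(f"{n}-{ext}".encode())
    (db / "ledger" / "4242").write_bytes(b"ledger state at slot 4242")

def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        db = Path(tmp) / "db"
        build_sample(db)
        partial, full = snapshot_digest(db, False), snapshot_digest(db, True)
        # Change the ledger state after the digests were "certified".
        (db / "ledger" / "4242").write_bytes(b"altered ledger state")
        return {"partial_detects": snapshot_digest(db, False) != partial,
                "full_detects": snapshot_digest(db, True) != full,
                "uncovered": uncovered_files(db)}

if __name__ == "__main__":
    print(demo())
```

Any file reported by `uncovered_files` has to be treated as untrusted input and revalidated or rebuilt locally, whatever the certificate says.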

DailyCVE Form:

Platform: Cardano (Mithril)
Version: <0.12.2 (client), <0.7.44 (aggregator)
Vulnerability: Inconsistent Snapshot Verification
Severity: Critical
Date: 2023-XX-XX

What Undercode Say:

Exploitation:

1. Tampered Snapshot Injection:

  • Modify ledger state files in a Mithril snapshot.
  • Distribute via a malicious aggregator.

2. Bypass Verification:

  • Cardano nodes loading the snapshot skip full validation.
  • Malicious chain state persists undetected.

Protection:

1. Update Components:

# Update Mithril client
pip install mithril-client==0.12.2
# Update Mithril aggregator
docker pull ghcr.io/input-output-hk/mithril-aggregator:0.7.44

2. Manual Snapshot Verification:

# Verify ledger state signature
mithril-client verify --snapshot <snapshot_file>
# Cross-check with genesis hash
cardano-cli query protocol-parameters --testnet-magic 42

3. Monitor Aggregators:

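# Sample Python check for aggregator integrity
import requests
# Fail fast on network errors or a non-2xx status instead of hanging
response = requests.get("https://aggregator.mithril.network/health", timeout=10)
response.raise_for_status()
# The health document must explicitly report is_verified: true
assert response.json()["is_verified"] is True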

4. Disable Fast Sync if Suspicious:

# cardano-node config.yaml
BootstrapMode: "safe"

5. Log Analysis for Anomalies:

grep "LedgerStateError" /var/log/cardano-node.log

References:

Sources:

Reported By: github.com