ChainSecurity completes the limited review of Java-Tron, the client running Tron.
The review was conducted to identify potential security risks that could impact TRON’s transaction execution, block generation, and consensus mechanisms.
The audit focused on three key areas: the Tron Virtual Machine (TVM), consensus, and the peer-to-peer (P2P) network. Through this review, multiple vulnerabilities were identified that, if exploited, could have led to network disruptions or performance issues. All three vulnerabilities mentioned below have been addressed.
Key Findings:
PBFT Messages Create State Expansion
A vulnerability was discovered where Practical Byzantine Fault Tolerance (PBFT) messages were stored in memory, even though PBFT was not enabled by default. This could have caused unbounded memory expansion, leading to potential Denial-of-Service (DoS) attacks. The issue has been resolved by processing PBFT messages only when the feature is enabled.
Unpermissioned Censorship of Fork Blocks
An attacker could censor valid fork blocks by creating a fork chain with fake blocks. When the node detects the invalid blocks, the entire fork, including legitimate blocks, would be discarded, leading to network inconsistencies. This issue has been mitigated by filtering out blocks from invalid producers before processing.
Resource Consumption by Unsigned Blocks
Blocks not signed by witnesses were still being processed, which could lead to unnecessary consumption of memory, storage, and CPU resources. This posed a significant risk, as malicious actors could have exploited this to slow down the network. The fix ensures that blocks that fail the signature check are dropped immediately, optimizing resource usage.
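The two block-handling fixes above (filtering blocks from invalid producers, and dropping blocks that fail the signature check) both come down to validating a block before it is stored or linked into a fork. The sketch below is an added example, not code from Java-Tron or the audit report: `BlockGate`, `Block`, `forkStore` and the sample producer names are hypothetical, and Ed25519 (Java 16+ for records) stands in for the chain's actual signature scheme.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
// Added illustration: BlockGate, Block and forkStore are hypothetical, not java-tron classes.
// Ed25519 stands in for the chain's real signature scheme.
public class BlockGate {
    record Block(String id, String parent, String producer, byte[] sig) {
        byte[] signedBytes() { return (id + "|" + parent + "|" + producer).getBytes(StandardCharsets.UTF_8); }
    }

    private final Map<String, PublicKey> witnesses;                     // active producer set
    private final Map<String, Block> forkStore = new LinkedHashMap<>(); // candidate fork blocks
    BlockGate(Map<String, PublicKey> witnesses) { this.witnesses = witnesses; }

    // Producer and signature are checked before the block is stored or linked into a fork.
    boolean admit(Block b) throws GeneralSecurityException {
        PublicKey key = witnesses.get(b.producer());
        if (key == null || b.sig() == null) return false; // unknown producer or unsigned block
        Signature v = Signature.getInstance("Ed25519");
        v.initVerify(key);
        v.update(b.signedBytes());
        boolean ok;
        try { ok = v.verify(b.sig()); } catch (SignatureException e) { ok = false; } // malformed bytes
        if (ok) forkStore.put(b.id(), b);                 // only verified blocks consume storage
        return ok;
    }

    static Block sign(String id, String parent, String producer, PrivateKey k) throws GeneralSecurityException {
        Signature s = Signature.getInstance("Ed25519");
        s.initSign(k);
        s.update(new Block(id, parent, producer, null).signedBytes());
        return new Block(id, parent, producer, s.sign());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("Ed25519");
        KeyPair witness = g.generateKeyPair(), outsider = g.generateKeyPair();
        BlockGate gate = new BlockGate(Map.of("witness-1", witness.getPublic()));
        List<Block> fork = List.of(                       // constructed sample fork
            sign("f1", "genesis", "witness-1", witness.getPrivate()),  // legitimate
            sign("f2", "f1", "witness-1", witness.getPrivate()),       // legitimate
            sign("x1", "f2", "mallory", outsider.getPrivate()),        // producer not a witness
            sign("x2", "f2", "witness-1", outsider.getPrivate()),      // witness name, wrong key
            new Block("x3", "f2", "witness-1", null));                 // unsigned
        for (Block b : fork) System.out.println(b.id() + " admitted=" + gate.admit(b));
        System.out.println("fork store: " + gate.forkStore.keySet());
    }
}
```

Because the forged and unsigned blocks never enter the fork store, a later validity check on the fork has nothing invalid to find, so the legitimate blocks are not discarded along with them.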
For a detailed analysis of the findings and the implemented fixes, read the full audit report here.