Halborn “Rab13s” Vulnerability Discovery In Dogecoin and 280+ Networks


During an audit of the Dogecoin open-source codebase back in March 2022, Halborn researchers, led by Halborn Senior Offensive Security Engineer Hossam Mohamed, identified several critical and exploitable vulnerabilities. The most critical of these, codenamed Rab13s, was discovered to have far-reaching impacts, affecting over 280 other networks, including Litecoin and Zcash. In total, over $25 billion in digital assets were placed in jeopardy by this vulnerability.

Understanding the Vulnerability

The Halborn team identified several known vulnerabilities in the Dogecoin codebase. These vulnerabilities existed in Bitcoin and had previously been assigned CVEs (Common Vulnerabilities and Exposures).

The Rab13s vulnerabilities identified by the Halborn team impacted the peer-to-peer (P2P) communications networks used by affected blockchains. These networks link the blockchain together and typically use relatively simple protocols, making them a prime target for attack.

The Rab13s vulnerabilities had a number of potential impacts on Dogecoin and other affected networks. Two of them could be used to carry out a Denial of Service (DoS) attack, while one enabled remote code execution (RCE).

The first DoS vulnerability involved sending malicious, crafted consensus messages to a vulnerable node, which would cause it to crash. Alternatively, an attacker with valid credentials could exploit a vulnerability in the RPC services and cause a crash. Successful DoS attacks decrease the difficulty of performing a 51% attack and can have other negative impacts.

Remediation

As part of its initial assessment, Halborn developed a proof-of-concept exploit kit that demonstrated how each of the discovered vulnerabilities could be exploited. This exploit kit included several configurable parameters that could be used to adapt the exploit to the various affected networks. This exploit kit has not been shared with other parties and has only been used to demonstrate the existence of the vulnerability and test potential patches.

After identifying the affected networks, Halborn shared information and remediation recommendations with the necessary stakeholders. These teams have developed, tested, and distributed patches for affected miners and their communities.

For networks such as Dogecoin that use a UTXO-based node, it is recommended that node operators update to the latest version (1.14.6). Due to the scope and potential impacts of these vulnerabilities, Halborn is not releasing further technical details at this time.

Have concerns, want to learn more, or have a bug you’d like to disclose? Please reach out to us at disclosures@halborn.com.