Chia Blockchain Cross-Site Request Forgery Vulnerability in RPC Server
Vulnerability
A cross-site request forgery (CSRF) vulnerability has been identified in Chia Blockchain version 2.1.0. The issue arises in the RPC server's transaction handling endpoint, '/send_transaction', which lacks proper authentication and origin validation. This vulnerability allows remote attackers to manipulate transaction requests without the user's consent, potentially leading to unauthorized fund transfers. The exploitation of this vulnerability is considered complex and difficult, requiring a high level of technical skill.
Impact
Exploitation of this vulnerability allows for cross-site request forgery, where an attacker can perform actions on behalf of a user without their consent. In the case of Chia Blockchain, this could involve unauthorized transactions or access to sensitive information such as private keys and seed phrases.
Reproduction
To reproduce this vulnerability, send a POST request to 'localhost:9256/send_transaction' without any authentication. The request can include parameters such as 'wallet_id', 'address', 'amount', and 'fee'. The absence of CORS headers allows this request to be made from a malicious website, exploiting the user's session with the Chia Wallet.
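The two gaps named above, missing authentication and missing origin validation, can be closed with a server-side check like the following. This is an added example, not code from Chia Blockchain or from the original advisory; the function name, the allow-lists, and the bearer-token scheme are assumptions made for illustration. It goes slightly beyond the page by also checking the Host header and the content type.

```python
import hmac
from urllib.parse import urlsplit

# Assumed values for this sketch; 9256 is the port named on the page.
ALLOWED_HOSTS = {"localhost:9256", "127.0.0.1:9256"}
ALLOWED_ORIGINS = set()  # no browser origin is trusted by default


def check_rpc_request(method, headers, expected_token):
    """Return (allowed, reason) for a state-changing RPC request.

    headers: dict of header name -> value (names compared case-insensitively).
    expected_token: per-install secret the legitimate client reads from disk
    (hypothetical scheme, not the project's own).
    """
    h = {k.lower(): v for k, v in headers.items()}

    if method != "POST":
        return False, "method not allowed"

    # Host check: refuses requests that reach the loopback port under a
    # hostname the server does not expect (DNS rebinding defence).
    if h.get("host", "").lower() not in ALLOWED_HOSTS:
        return False, "unexpected Host header"

    # Origin check: browsers attach Origin to cross-site POSTs. Native
    # clients normally send none, so any Origin off the allow-list is refused.
    origin = h.get("origin")
    if origin is not None:
        parts = urlsplit(origin)
        normalized = f"{parts.scheme}://{parts.netloc}".lower()
        if normalized not in ALLOWED_ORIGINS:
            return False, "cross-origin request refused"

    # Content-Type check: form-encoded or text/plain bodies can be sent
    # cross-site without a CORS preflight; application/json cannot.
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    if ctype != "application/json":
        return False, "unsupported content type"

    # Authentication: a secret the browser never attaches on its own,
    # compared in constant time.
    scheme, _, supplied = h.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not hmac.compare_digest(
        supplied.encode(), expected_token.encode()
    ):
        return False, "missing or invalid token"

    return True, "ok"
```

The checks are ordered so that a request is rejected on the cheapest signal first, and the returned reason string can be logged to spot cross-origin attempts against the local RPC port.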
