Nimiq Account Vesting Contract Panic Vulnerability Due to Underflow Error Handling
Vulnerability
A vulnerability in the Nimiq Account library's VestingContract component, present in versions through 1.2.2, allows a denial of service. The method 'can_change_balance' builds its insufficient-funds error with arithmetic that is not guarded against underflow: when a contract's minimum required balance exceeds its actual balance, that calculation underflows and panics instead of returning the error. An attacker can reach this state by creating a vesting contract whose total amount exceeds the funds sent with it, then broadcasting a transaction that triggers the error, crashing every node that processes that transaction.
Impact
Exploitation triggers an integer underflow in the balance calculation, which panics and crashes the node process. When the panic occurs in the block processing path, the blockchain's read-write lock is held at that moment, so the lock is poisoned and every later attempt to acquire it fails, leaving the node permanently unusable.
Reproduction
The vulnerability can be reproduced by creating a vesting contract with the 32-byte creation format, which lets the creator specify a total amount independently of the transaction value. Choosing a total amount larger than the value sent yields a contract whose minimum required balance exceeds its actual balance. An outgoing transaction from that contract then reaches 'can_change_balance', which panics and crashes the node.
Remediation
Upgrade to Nimiq Account version 1.3.0 or later, where this vulnerability is patched.
