From ad880feeac963af977f9914a680e2e21e55fe3b0 Mon Sep 17 00:00:00 2001 From: Kevin Hammond <12563287+kevinhammond@users.noreply.github.com> Date: Sat, 7 Sep 2024 22:58:14 +0200 Subject: [PATCH] added blocks from the future --- blog/2024-09-07-incident.md | 42 +++++++++++++++++++++++++++++++++++++ docusaurus.config.js | 1 + 2 files changed, 43 insertions(+) create mode 100644 blog/2024-09-07-incident.md diff --git a/blog/2024-09-07-incident.md b/blog/2024-09-07-incident.md new file mode 100644 index 0000000000..454e814f5a --- /dev/null +++ b/blog/2024-09-07-incident.md @@ -0,0 +1,42 @@ +--- +title: Blocks from the future +slug: 2024-09-07-incident +authors: kevinhammond +tags: [security,consensus] +hide_table_of_contents: false +--- + +## Blocks from the future + +We identified two issues relating to "blocks from the future". + +1. Blocks from the near future +2. Blocks from the far future + +While blocks from the near future have been known to occur on mainnet as a result of clock skew/misconfiguration, +there are no known instances on mainnet of blocks from the far future. In both cases, restarting an affected +node would resolve the issue. + +### What is meant by a Block from the Future? + +A node considers a block to be from the future if its slot is ahead of +the current slot. Ouroboros Praos mandates that all chains containing +blocks from the future (at that time) are ignored during chain +selection. As Praos assumes that all nodes have access to perfectly +synchronized clocks, this will never cause nodes to disregard blocks +that have been minted by other honest nodes. In an actual real-world +deployment, this assumption is unrealistic due to the imperfections of +protocols like NTP as well as leap seconds. + +The issues that were identified meant that blocks from the future could potentially be +used by malicious actors to create denial-of-service attacks. + +Both issues were fixed by Cardano node 8.8 or later, and were eradicated at the Chang hard fork. + + +### Further Details + + +[Report on Blocks from the Near Future](https://) + +[Report on Blocks from the Far Future](https://) diff --git a/docusaurus.config.js b/docusaurus.config.js index 6ce7845a29..9c9c03b682 100644 --- a/docusaurus.config.js +++ b/docusaurus.config.js @@ -114,6 +114,7 @@ const config = { { to: 'tags/performance-tracing', label: 'Performance & Tracing' }, { to: 'reports/tags/benchmarking-reports', label: 'Benchmarking Reports' }, { to: 'tags/incident', label: 'Incident Reports' }, + { to: 'tags/security', label: 'Security Reports' }, ], },