Title: Public Disclosure: Denial of Service using HTLC in Cashu
Post by: 1440000bytes on November 03, 2025, 12:55:09 AM

Vulnerability

The size of the preimage was not validated in nutshell versions < 0.18.0. This allows the attacker to fill the mint's database and disk with arbitrary data.

Code:
def _verify_htlc_spending_conditions(

NUT-14 (https://github.com/cashubtc/nuts/blob/main/14.md) can be used to create cashu tokens with a preimage and NUT-07 (https://github.com/cashubtc/nuts/blob/main/07.md) to see the preimage stored by the mint.

Proof of Concept

https://uncensoredtech.substack.com/p/denial-of-service-using-htlc-in-cashu

Fix

It was fixed by lollerfirst in https://github.com/cashubtc/nutshell/pull/803

Timeline

19 October 2025: I reported the vulnerability to cashu-dev@pm.me
19 October 2025: Cashu dev team acknowledged it as a serious issue and opencash (https://opencash.dev/) rewarded with 100k sats
21 October 2025: It was fixed in https://github.com/cashubtc/nutshell/commit/f84028ca3f8f0b476f7be8c29b58666f075be2c2
28 October 2025: v0.18.0 was released with the fix
29-31 October 2025: I reached out to several mints and requested to update nutshell
2 November 2025: Public Disclosure

Advisory for mints and users

Some mints have still not updated nutshell. They should back up the database and run the mint with v0.18.0. Reach out to the Cashu dev team if you experience any issues while updating the mint.

Users should check the version of the mint with https://<mint_url>/v1/info. Stop using the mint if it supports NUT-14 and is running a nutshell version older than 0.18.0.

Title: Re: Public Disclosure: Denial of Service using HTLC in Cashu
Post by: 1440000bytes on November 04, 2025, 04:59:08 AM

I don't know who keeps moving this post to different boards. It was initially posted in 'Development & Technical Discussion' for Bitcoin, moved to Altcoin Discussion, next 'Project Development' in Bitcoin and again moved to Altcoin Discussion. However, cashu (https://cashu.space/) is not an altcoin.

Title: Re: Public Disclosure: Denial of Service using HTLC in Cashu
Post by: flapduck on November 04, 2025, 06:26:57 PM

The mint didn't cap HTLC preimage size, so you could shove giant blobs via NUT-14 and fill the disk. v0.18.0 fixes it by the way, operators should upgrade now. If you can't yet, slap a body size limit on your proxy, add DB length limits, and reject oversized preimages in the app.

Also, this isn't "altcoin" material. Cashu rides Bitcoin and Lightning. The best home for this thread I think is "Bitcoin Development & Technical Discussion".
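
The user-side check from the advisory in the first post (look at /v1/info, stop using the mint if it supports NUT-14 and runs nutshell older than 0.18.0), as an added example that is not part of the thread or of nutshell. It assumes the response follows the NUT-06 layout, with a `version` string of the form `Nutshell/x.y.z` and a `nuts` object keyed by NUT number; the sample bodies and the names `assess_mint`, `parse_version` and `examplemint` are constructed for illustration.

```python
import json
import re

FIXED = (0, 18, 0)  # first nutshell release with the fix, per the advisory

# Constructed sample /v1/info bodies (assumed NUT-06 layout), not real mints.
SAMPLES = {
    "old-htlc": '{"version": "Nutshell/0.17.1", "nuts": {"14": {"supported": true}}}',
    "patched": '{"version": "Nutshell/0.18.0", "nuts": {"14": {"supported": true}}}',
    "old-no-htlc": '{"version": "Nutshell/0.16.5", "nuts": {"7": {"supported": true}}}',
    "other-impl": '{"version": "examplemint/0.3.0", "nuts": {"14": {"supported": true}}}',
    "no-version": '{"nuts": {"14": {"supported": true}}}',
}

def parse_version(version):
    """Split 'Nutshell/0.17.1' into ('nutshell', (0, 17, 1)); None if unparseable."""
    if not isinstance(version, str):
        return None
    m = re.fullmatch(r"([^/\s]+)/(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        return None
    return m.group(1).lower(), tuple(int(x) for x in m.group(2, 3, 4))

def assess_mint(info_json):
    """Return 'affected', 'ok' or 'unknown' for one /v1/info response body."""
    try:
        info = json.loads(info_json)
    except ValueError:
        return "unknown"
    if not isinstance(info, dict):
        return "unknown"
    nuts = info.get("nuts")
    nut14 = nuts.get("14") if isinstance(nuts, dict) else None
    htlc = isinstance(nut14, dict) and nut14.get("supported") is True
    parsed = parse_version(info.get("version"))
    # The advisory only covers nutshell; anything else cannot be judged here.
    if parsed is None or parsed[0] != "nutshell":
        return "unknown"
    # Advisory rule: stop using the mint if it supports NUT-14 and is < 0.18.0.
    return "affected" if htlc and parsed[1] < FIXED else "ok"

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name}: {assess_mint(body)}")
```

An "unknown" result means the version string could not be tied to a nutshell release and needs a manual look, not that the mint is safe.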