ZenGo X fixes double-spending vulnerability affecting BitClout

ZenGo X, the research arm of crypto wallet provider ZenGo, says it discovered a double-spending vulnerability related to BitClout, an app on the Decentralized Social (DeSo) network.

The security vulnerability in question involved a potential double-spending exploit that ZenGo X’s senior researcher Matan Hamilis said could drain funds held in BitClout's reserve called Gringotts Bank. 

DeSo rewarded ZenGo $75,000 — the highest-ever by the project — for discovering and reporting the vulnerability. ZenGo X also stated that the security did not pose any risks to user funds or the DeSo blockchain as a whole.

BitClout creator Nader Al-Naji launched DeSo in September after receiving a $200 million investment from backers including Andreessen Horowitz (a16z), Coinbase Ventures, Polychain Capital, and TQ Ventures among others. DeSo is a platform that supports a variety of decentralized social media platforms, including BitClout.

Breaking into Gringotts

To get funds on DeSo, users need to swap bitcoin using the BTC-DeSo bridge. Even though Bitcoin has a 10-minute block time for confirming transactions, the bridge was designed to release deso tokens automatically without waiting for confirmation of the initial bitcoin transaction.

This method opened the door to the possibility of a double-spend attack. For someone could make a bitcoin payment to the bridge, receive the deso and then, say, bribe a miner to do a different bitcoin transaction instead — so it wasn’t spent in the first place. In order to prevent such an attack, DeSo used blockchain explorer tool Blockcypher to scan for possible double spends.

ZenGo X, however, found that DeSo’s defense against double-spending was not sufficiently robust. It noticed that an attacker could fool the system using a very specific type of transaction, known as ancestor transactions.

These gaps could allow rogue actors to trick the bridge protocol into swapping bitcoin for deso tokens when the attacker had not sent any BTC across the bridge.

The vulnerability was dubbed “Griphook,” — a nod to the Goblin character in the Harry Potter story that assisted in the Gringotts break-in.

ZenGo X also claimed that an attacker could mount multiple attacks, taking advantage of Gringotts' automatic refill protocol to siphon millions of dollars from the DeSo vault.

Fixing the problem

ZenGo X’s suggested solution, which has been implemented by DeSo, was to initiate manual confirmation of all incoming transactions to the bridge with a special focus on ancestor transactions to better detect possible double-spends.

Other suggested fixes include deploying multiple explorer APIs as well as minimizing the amount of deso tokens held in Gringotts vaults.

“We’re quite confident that this solution will prevent similar attacks from taking place. We are convinced that the checks Bitclout's service is now performing will make similar attacks much more complicated to conduct by significantly reducing the probability of success and requiring the cooperation of very strong miners,” Hamilis told The Block.

Update: Following an update from ZenGo, this article and headline has been changed to show that the vulnerability directly affects BitClout, rather than DeSo itself.