CVE-2020-15899
Description
Grin 3.0.0 before 4.0.0 has insufficient validation of data related to Mimblewimble.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Grin 3.0.0 through 3.1.1 contains a critical flaw in Cuckaroom29 PoW verification, allowing attackers to mine blocks up to 1000x faster and potentially rewrite history.
Analysis of CVE-2020-15899
A critical vulnerability existed in the Grin cryptocurrency implementation (versions 3.0.0 to 3.1.1) due to an oversight in the Cuckaroom29 proof-of-work (PoW) verification code. The bug caused the number of nodes in a valid graph to be restricted to half the expected size (2^28 instead of 2^29), effectively reducing the mining difficulty for an attacker [1].
Exploitation required no authentication or network access beyond what a typical Grin node provides. An attacker could craft solutions that passed verification with a speedup of 1000x or more, enabling them to mine blocks at a vastly faster rate than honest miners. The vulnerability was introduced in the implementation of the Cuckaroom29 PoW algorithm and was not detected until a core developer reviewed the code [1].
The impact was severe: an attacker could generate an alternative chain from the previous hard fork (HF2) that would be valid under the longest-chain rule, potentially overtaking the legitimate chain. This could have led to double-spending and chain reorganization. However, the Grin security team confirmed that the vulnerability was never exploited in the wild [1].
The flaw was quietly fixed in the v4.0.0-rc.1 release as part of a mandatory upgrade ahead of the scheduled hard fork on July 16, 2020 (HF3). Users running v4.0.0 or later are not affected; no other mitigations are required [1][3].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| grin (crates.io) | >= 3.0.0, < 4.0.0 | 4.0.0 |
Affected products
- Grin/Grin
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- [1] github.com/advisories/GHSA-p75g-gcv5-42qg (GHSA advisory)
- [2] nvd.nist.gov/vuln/detail/CVE-2020-15899 (NVD advisory)
- [3] github.com/mimblewimble/grin-security/blob/master/CVEs/CVE-2020-15899.md (vendor confirmation)
- [4] github.com/mimblewimble/grin/compare/v3.1.1...v4.0.0 (fix comparison, v3.1.1 to v4.0.0)
News mentions
No linked articles in our index yet.