New Vulnerability Discovered in Babylon Code Could Slow Block Production
Recent Vulnerability Found in Bitcoin Babylon Staking Protocol
A newly discovered vulnerability in the Babylon staking code could allow malicious validators to skip the hash field when posting blocks, potentially leading to validator crashes and a slowdown in block production. This issue affects the Babylon block signing scheme, known as the BLS vote extension, which is used to demonstrate that validators have agreed on a block. The bug enables malicious validators to intentionally omit the hash field of the block when sending the vote extension, which could cause consensus problems among validators during the network's epoch boundaries.
The block hash field tells validators which block they are voting on during the consensus process, and the bug allows it to be omitted. A malicious validator could theoretically use this to crash other validators during critical consensus checks, slowing block production if multiple validators were affected.
“Intermittent validator crashes at epoch boundaries would slow down the creation of epoch limit blocks,” wrote pseudonymous contributor GrumpyLaurie55348, who discovered the vulnerability. They added that Babylon dereferences this null pointer in critical consensus paths, causing a panic during operation.
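The failure mode described above, an optional hash field that arrives as nil and is dereferenced in a consensus path, can be shown with a small Go sketch. This is an added example, not Babylon's code: the `VoteExtension` type, its fields, the 32-byte hash length and all function names are hypothetical.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// VoteExtension is a hypothetical stand-in for a vote extension message.
// BlockHash is a pointer, so an omitted field decodes to nil.
type VoteExtension struct {
	Signer    string
	BlockHash *[]byte
}

const hashLen = 32 // assumed hash length for this example
var (
	ErrMissingHash = errors.New("vote extension: block hash missing")
	ErrBadHash     = errors.New("vote extension: block hash malformed or for another block")
)

// matchesUnchecked dereferences BlockHash with no nil check; a nil field panics.
func matchesUnchecked(ve *VoteExtension, want []byte) bool {
	return bytes.Equal(*ve.BlockHash, want)
}

// Validate rejects a malformed extension with an error before any dereference.
func Validate(ve *VoteExtension, want []byte) error {
	if ve == nil || ve.BlockHash == nil {
		return ErrMissingHash
	}
	if len(*ve.BlockHash) != hashLen || !bytes.Equal(*ve.BlockHash, want) {
		return ErrBadHash
	}
	return nil
}

// panics reports whether f panicked, so the crash can be observed safely.
func panics(f func()) (p bool) {
	defer func() { p = recover() != nil }()
	f()
	return false
}

func main() {
	want := bytes.Repeat([]byte{0xAB}, hashLen) // constructed sample hash
	bad := &VoteExtension{Signer: "val-2"}      // hash field omitted
	fmt.Println("unchecked path panics:", panics(func() { matchesUnchecked(bad, want) }))
	fmt.Println("validated path returns:", Validate(bad, want))
}
```

Validating at the point where the message is received turns a process-wide panic into a rejected vote from a single peer.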
Cointelegraph reached out to Babylon for comment regarding the potential impact and solutions for the vulnerability but did not receive a response by the time of publication. Although the bug has not been described as being actively exploited, developers have warned that it could be abused if left unresolved.