CVE-2018-10831 in Z-NOMP
Summary
by MITRE
Z-NOMP before 2018-04-05 has an incorrect Equihash solution verifier that allows attackers to spoof mining shares, as demonstrated by providing a solution with {x1=1,x2=1,x3=1,...,x512=1} to bypass this verifier for any blockheader. This originally affected (for example) the Bitcoin Gold and Zcash cryptocurrencies, and continued to be exploited in the wild in May 2018 against smaller cryptocurrencies.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 02/03/2020
The vulnerability identified as CVE-2018-10831 represents a critical flaw in the Z-NOMP mining pool software that affected cryptocurrency mining operations from early 2018 through at least May of that year. This issue stems from an inadequate implementation of the Equihash solution verification mechanism, which is a cryptographic proof-of-work algorithm specifically designed for cryptocurrencies like Bitcoin Gold and Zcash. The flaw allows malicious actors to submit forged mining shares that appear legitimate to the mining pool software, effectively enabling them to manipulate mining rewards and potentially disrupt the mining ecosystem.
The technical implementation of this vulnerability lies in the incorrect verification of Equihash solutions within the Z-NOMP software framework. Specifically, the software contains a verifier that fails to properly validate the mathematical properties required for a legitimate Equihash solution. An attacker can exploit this by submitting a solution where all 512 variables are set to the value one, creating what is known as a trivial solution. This particular approach bypasses the intended verification process because the software does not properly enforce the cryptographic constraints that should make such solutions impossible to generate legitimately. The flaw operates at the core of the mining protocol implementation, where the verification logic should ensure that each solution meets specific mathematical requirements but instead accepts malformed inputs that appear valid to the system.
The operational impact of this vulnerability extends beyond simple reward manipulation to encompass broader security implications for cryptocurrency mining networks. Attackers could systematically submit these forged shares to mining pools, potentially gaining unfair advantages in reward distribution while simultaneously undermining the integrity of the mining process. The vulnerability was particularly concerning because it affected major cryptocurrencies including Bitcoin Gold and Zcash, which were actively being mined at the time. The continued exploitation of this flaw into May 2018 indicates that it remained functional across multiple mining pool implementations and was not adequately addressed in many deployments, creating a persistent threat to mining network security and fairness.
This vulnerability maps directly to CWE-284, which addresses improper access control in software systems, and represents a significant failure in the verification process that should ensure cryptographic integrity. From an attack perspective, this issue aligns with techniques described in the MITRE ATT&CK framework under the T1484.001 adversary tactic for "Create or Modify System Process" and T1078.004 for "Valid Accounts" as attackers could potentially manipulate mining pool operations to their advantage. The flaw demonstrates how insufficient input validation and cryptographic verification can create persistent security weaknesses that allow attackers to manipulate core protocol functions, potentially leading to economic disruption and loss of trust in mining operations. The vulnerability's persistence across multiple cryptocurrencies and mining pools indicates a systemic issue in how mining software implementations handle cryptographic verification, making it a critical concern for the broader cryptocurrency mining ecosystem.