TRON Multisig Vulnerability Endangered $500M in Digital Assets

Security researchers from the 0d research team at dWallet Labs have recently disclosed a critical zero-day vulnerability in the TRON blockchain that poses a significant risk to approximately $500 million worth of cryptocurrencies. This vulnerability affected the multisig accounts on the TRON blockchain, leaving them susceptible to potential theft.

Multisig accounts require multiple signatures before executing a transaction, ensuring added security. However, the flaw in TRON’s approach to multisig allowed any signer associated with a particular multisig account to gain unauthorized access to the funds within that account.

Understanding TRON’s Multisig Mechanism

To understand this vulnerability, it helps to know how TRON uses its permissions mechanism to enable multisig wallets. In TRON’s network, a multisig wallet consists of authorized keys with assigned weights. A key’s weight determines that signer’s power when voting, and a threshold specifies the minimum total weight required to approve a transaction.

The verification process for multisig transactions involves several steps. Each signature is verified, and the account weight is extracted. The signature is checked for uniqueness to prevent double signing. The weight is added to the running total, and the signature is stored so that duplicate signatures can be detected. Finally, the total weight is compared with the threshold to determine whether the transaction is approved.

However, the vulnerability arose due to oversights in TRON’s verification process, which failed to verify all the necessary information, ultimately compromising the integrity of its multisig security. The 0d researchers stated that this line of attack would have completely overcome TRON’s multi-signature security measures.

Single Signer May Have Accessed Multisig Accounts

Omer Sadika, a member of the research team, explained that the vulnerability could have been exploited by signing the same message with non-deterministic nonces, effectively enabling a single signer to create multiple valid signatures for the same message.

Fortunately, the solution to this vulnerability was relatively simple. Researchers recommended checking signatures against a list of addresses instead of solely relying on a list of signatures, adequately mitigating the risk posed by this vulnerability.
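The tally described above next to the recommended fix, as an added example (not TRON’s code or the researchers’). The HMAC-with-random-nonce signer is a stand-in for ECDSA with non-deterministic nonces, and the addresses, keys, weights and threshold are constructed for illustration.

```python
import hashlib, hmac, os

# Constructed permission set: hypothetical addresses, keys and weights.
KEYS = {"addr_A": b"key-A", "addr_B": b"key-B", "addr_C": b"key-C"}
WEIGHTS = {"addr_A": 1, "addr_B": 1, "addr_C": 1}
THRESHOLD = 2

def sign(address, msg):
    # Stand-in for a randomized signature: a fresh nonce gives new bytes each call.
    nonce = os.urandom(16)
    return nonce + hmac.new(KEYS[address], nonce + msg, hashlib.sha256).digest()

def recover_signer(msg, sig):
    # Stand-in for signer recovery: the address whose key validates sig, or None.
    nonce, tag = sig[:16], sig[16:]
    for address, key in KEYS.items():
        expected = hmac.new(key, nonce + msg, hashlib.sha256).digest()
        if hmac.compare_digest(tag, expected):
            return address
    return None

def approve_by_signature(msg, sigs):
    # Flawed tally: uniqueness is tracked on the signature bytes.
    seen, total = set(), 0
    for sig in sigs:
        signer = recover_signer(msg, sig)
        if signer is None or sig in seen:
            return False
        seen.add(sig)
        total += WEIGHTS[signer]
    return total >= THRESHOLD

def approve_by_address(msg, sigs):
    # Recommended tally: uniqueness is tracked on the signer's address.
    seen, total = set(), 0
    for sig in sigs:
        signer = recover_signer(msg, sig)
        if signer is None or signer in seen:
            return False
        seen.add(signer)
        total += WEIGHTS[signer]
    return total >= THRESHOLD

if __name__ == "__main__":
    tx = b"constructed transaction bytes"
    same_signer = [sign("addr_A", tx), sign("addr_A", tx)]
    print("by signature:", approve_by_signature(tx, same_signer))  # approved
    print("by address:  ", approve_by_address(tx, same_signer))    # rejected
```

The second function is the shape a regression test for the fix should pin down: two distinct valid signatures from one address must never count twice toward the threshold.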

TRON’s bug bounty program was instrumental in addressing this issue, as the 0d research team reported the vulnerability on February 19. TRON promptly patched the vulnerability within days, and most TRON validators have already implemented the necessary patches to ensure the vulnerability cannot be exploited.

While the researchers confirmed that there are no longer any user assets at risk, TRON has not yet issued its own public statement regarding the vulnerability.