Security Advisory - Corda Settler

James Brown
 

Affects: Corda Settler

Severity: Medium

Overview

A vulnerability in Corda Settler was reported to R3 through the Corda vulnerability disclosure process. The vulnerability affected, but was limited to, XRP payments in the Corda Settler application. Other payment mechanisms were unaffected. No parties were affected by the vulnerability, and users of Corda Settler should take advantage of the fix made in the public GitHub repository. R3 would like to thank Markus Alvila (@RareData) for his research efforts, and for responsibly disclosing the vulnerability.

Analysis

Corda Settler is an open source CorDapp that allows payment obligations arising on the Corda Network to be settled via parallel crypto-assets. The vulnerability was caused by the Settler application's handling of the partial payments feature in the Ripple protocol. 

The vulnerability was limited to XRP payments in a Corda network; other payment mechanisms were unaffected. A malicious node in a Corda network could have exploited the partial payments feature in the Ripple protocol to withhold payment, whilst the Corda obligation would resolve as fully settled.

The trust model of a Corda network mitigates the impact of this vulnerability. Identities are unique on a network, with assurance of that uniqueness provided by a mutually trusted Network Operator. Nodes verify that the identity asserted by a peer is well known to them before accepting XRP payments. The vulnerability was not exposed to users of the Settler application; in order to have exploited the flaw, a node operator would have needed to act maliciously and manually settle an obligation.
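The failure mode described above, as an added example that is not Corda Settler's own code: an XRP Payment carrying the tfPartialPayment flag may deliver far less than its `Amount` field states, so a settlement check must read the ledger's `meta.delivered_amount` rather than `Amount`. The flag value and field names are those of the XRP Ledger transaction format; the sample transactions and destination address are constructed.

```python
from dataclasses import dataclass
from typing import Optional

TF_PARTIAL_PAYMENT = 0x00020000  # XRPL Payment flag permitting partial delivery

@dataclass
class Verdict:
    settled: bool
    delivered_drops: int
    reason: str


def naive_amount_check(tx: dict, expected_drops: int) -> bool:
    """The mistake: trusting `Amount`, which under tfPartialPayment is only the
    maximum the sender offered, not what the destination received."""
    return int(tx["Amount"]) >= expected_drops


def delivered_drops(tx: dict) -> Optional[int]:
    """XRP actually delivered (drops), from `meta.delivered_amount`; None when
    missing or "unavailable" (pre-2014 ledgers)."""
    delivered = tx.get("meta", {}).get("delivered_amount")
    return int(delivered) if isinstance(delivered, str) and delivered.isdigit() else None


def verify_xrp_settlement(tx: dict, expected_drops: int, dest: str) -> Verdict:
    """Settle only when a successful Payment delivered the full expected amount."""
    if tx.get("TransactionType") != "Payment":
        return Verdict(False, 0, "not a Payment")
    if tx.get("meta", {}).get("TransactionResult") != "tesSUCCESS":
        return Verdict(False, 0, "transaction did not succeed")
    if tx.get("Destination") != dest:
        return Verdict(False, 0, "wrong destination")
    delivered = delivered_drops(tx)
    if delivered is None:
        return Verdict(False, 0, "delivered amount unavailable; refuse to settle")
    partial = bool(int(tx.get("Flags", 0)) & TF_PARTIAL_PAYMENT)
    if delivered < expected_drops:
        return Verdict(False, delivered, f"short delivery (partial flag={partial})")
    return Verdict(True, delivered, "fully settled")


# Constructed sample transactions; field names follow the XRPL `tx` response.
DEST = "rDESTINATION_CONSTRUCTED"
FULL_PAYMENT = {"TransactionType": "Payment", "Destination": DEST, "Flags": 0,
                "Amount": "1000000",
                "meta": {"TransactionResult": "tesSUCCESS", "delivered_amount": "1000000"}}
PARTIAL_PAYMENT = {"TransactionType": "Payment", "Destination": DEST,
                   "Flags": TF_PARTIAL_PAYMENT, "Amount": "1000000",
                   "meta": {"TransactionResult": "tesSUCCESS", "delivered_amount": "1"}}
```

Run against `PARTIAL_PAYMENT`, the naive check accepts the obligation as settled while the metadata-based check reports a delivery of a single drop.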

Remediation

The vulnerability was fixed on  and is available on the master branch of the Corda Settler GitHub public repository. Any party using Settler as a basis for settlement should take advantage of the fix by pulling from master. Updating will also benefit from recent changes to use the new Tokens SDK and rebasing onto Corda 4.1.