Security Alert: DoS Risk via HTLC in Cashu

3 replies 358 views
mr_gasMember
Posts: 24 · Reputation: 174
#1May 11, 2025, 01:38 PM
Vulnerability So, there was a glitch where the preimage size wasn't checked in nutshell versions before 0.18.0. This basically lets an attacker saturate the mint's database and hard drive with random data. You can use NUT-14 to create cashu tokens with a preimage, and NUT-07 helps in viewing the preimage that the mint has stored. Proof of Concept Check this link for a detailed write-up. Fix Lollerfirst sorted this out in a GitHub pull request. Timeline 19 October 2025: I flagged the vulnerability to cashu-dev@pm.me 19 October 2025: The Cashu team recognized it as a big deal and I got rewarded with 100k sats from opencash. 21 October 2025: The fix was implemented in a GitHub commit. 28 October 2025: The new version v0.18.0 came out with the fix. 29-31 October 2025: I contacted a bunch of mints to get them to update nutshell. 2 November 2025: Time for public disclosure. Advisory for mints and users Some mints still haven't updated to nutshell. They really should back up their databases and ensure they're running v0.18.0. If there are any hiccups while updating the mint, they should reach out to the Cashu devs. Users need to check their mint version at the mint's info URL. If it supports NUT-14 and is running an old version of nutshell, it's best to stop using it.
6 Reply Quote Share
mr_gasMember
Posts: 24 · Reputation: 174
#2May 11, 2025, 02:09 PM
I don't know who keeps moving this post in different boards. It was initially posted in 'Development & Technical Discussion' for Bitcoin, moved to Altcoin Discussion, next 'Project Development' in Bitcoin and again moved to Altcoin Discussion. However, cashu is not an altcoin.
1 Reply Quote Share
luckyapeFull Member
Posts: 77 · Reputation: 599
#3May 11, 2025, 02:18 PM
The mint didn't cap HTLC preimage size, so you could shove giant blobs via NUT-14 and fill the disk. v0.18.0 fixes it by the way, operators should upgrade now. If you can't yet, slap a body size limit on your proxy, add DB length limits, and reject oversized preimages in the app. Also, this isn't "altcoin" material. Cashu rides Bitcoin and Lightning. The best home for this thread I think is "Bitcoin Development & Technical Discussion".
3 Reply Quote Share
mr_gasMember
Posts: 24 · Reputation: 174
#4May 11, 2025, 06:30 PM
CVE-2025-65548 is reserved for this vulnerability.
3 Reply Quote Share

Related topics