Research · Tag · P2p

Posts tagged p2p.

2 entries · sorted: recency← All research
RESEARCH
2026-07-13

How CometBFT's SecretConnection handshake spends CPU before authenticating the peer

CometBFT completes the full SecretConnection STS handshake — an X25519 Diffie–Hellman exchange and an Ed25519 signature verification — for any connecting peer before checking whether that peer's node-ID is allowlisted, so an unauthenticated remote source can spend the node's asymmetric-crypto budget at will.

Simon Morley
Read →8 min read
RESEARCH
2026-07-13

How an unauthenticated TLS half-open flood pins rippled's memory and crashes it under low file-descriptor limits

rippled's inbound TLS listeners on the peer port (51235) and the RPC-HTTPS port (5006) accept a partial TLS handshake with no deadline and no per-IP half-open cap, so a single source IP can pin server memory indefinitely and, at a default file-descriptor limit, crash the process.

Simon Morley
Read →8 min read