Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Babylon Genesis Chain>Low findings>Multiple issues when inputting password for the BLS keystore
GeneralOverview
Findings
Critical (10)
High (4)
Medium (4)
Low (7)Inability to restore confirmed checkpoints to sealed stateLack of commission-rate change restrictions in EditFinalityProviderHide slashing targets from vigilante by spammingPublic randomness reset due to block-height overflowIncorrect negative checksUnsafe swagger Content Security PolicyMultiple issues when inputting password for the BLS keystore
Informational (7)
DiscussionBabylon node module-wise reviewed parametersDependency management and vulnerability assessmentPanic handling in ABCI++ handlersBehavior of MissedBlocksCounter on consecutive windows
DesignModule: btclightclientModule: btccheckpointModule: checkpointingModule: epochingModule: finalityModule: incentiveModule: monitorModule: mintModule: btcstakingbtc-stakerstaking-expiry-checkerbtc-staking-tsVigilante reporterVigilante submitterVigilante monitor (BTC timestamping monitor)Vigilante BTC staking trackerCryptographyFinality providerCovenant emulatorModule: staking-queue-clientstaking-api-servicebabylon-staking-indexersimple-staking
Audit ResultsAssessment Results
AddendumAddendumNonce reuse in adaptor signatures allows recovering signing key testsKey recovery succeeding on output from a btc-delegations query test
Category: Coding Mistakes

Multiple issues when inputting password for the BLS keystore

Low Severity
Low Impact
Low Likelihood

Description

When the BLS keystore migration command is used, the caller is prompted to enter a password for the keystore. There are three issues with the current input mechanism:

  1. The user is allowed to pass the password in as a command line parameter, which causes the password to not only be visible in plaintext on the terminal, but also to show up on logs.

  2. If the user does not specify a password, the user is prompted to enter one. In this case, they are only asked to enter the password once, rather than twice, which can cause a typo to render the BLS keystore inaccessible.

  3. Extending from the above case, when the user is asked to input a password, a password-specific prompt is not used, which means that the user's input is echoed back onto the terminal, which again causes the password to be visible on the terminal.

Impact

All of the above issues make it more likely for the password to be leaked to an unauthorized party in one way or another.

Recommendations

Don't allow passwords to be passed in as command line parameters. Instead, always require them to be typed in, and use a password prompt so the inputted password is not echoed back onto the terminal. Additionally, when choosing the password, require the password to be inputted twice in order to prevent typos.

Remediation

This issue has been acknowledged by Babylon Labs, and a fix was implemented in commit 7de1a748. Passwords are no longer prompted for, and providing passwords through a command line parameter is documented as insecure and not for use in production. Providing passwords through environment variables is recommended.

Zellic © 2025Back to top ↑