Hide slashing targets from vigilante by spamming
Description
To retrieve up to 100 delegations from the Babylon chain at a time, including those not yet posted to Bitcoin, vigilante uses a query with BTCDelegationStatus_ANY
. An attacker could create numerous pending BTC delegations (even if they pay a gas fee) to push a legitimate delegation out of this limited query window. If vigilante fails to fetch the legitimate delegation, it may not initiate private-key recovery or a required slashing process against that target. Although gas fees are intended to discourage spam, current levels may still be too low if the attacker’s incentive justifies the cost.
Impact
When vigilante cannot retrieve specific delegations due to spam, the key recovery or slashing of those targets is delayed. This increases the risk of missed slashing opportunities, potentially exposing the system to prolonged malicious or noncompliant behavior. Manually identifying and addressing missing delegations becomes an added burden, especially under high volume or time-sensitive conditions.
Recommendations
Raise the cost or implement throttling for creating new delegations, making large-scale spam less economical. Increase vigilante’s pagination limit to ensure it captures enough entries to include genuine delegations, even under flooding attempts.
Remediation
This issue has been acknowledged by Babylon Labs, and a fix was implemented in commit aec7f7c1↗.
This was remediated by changing the default batch size for delegation batches from 100 to 500.