Summary
A weakness in the NONET mesh network system allows malicious devices to pretend they successfully sent blockchain payments, even if they didn’t. This could trick users into thinking their money was sent or received, leading to potential loss or confusion.
Impact
- Attackers can set up fake gateway devices.
- These rogue devices can "confirm" transactions that never actually happened.
- Users may lose money or trust the network less because of false confirmations.
Details
- NONET uses Bluetooth to share payment info offline and relies on certain devices to send transactions to the blockchain.
- The system does not check if transaction confirmations from these devices are real.
- Any device could claim a payment was sent, even if it wasn’t.
Example Attack
- Alice sends money using NONET in an area without internet.
- Her payment packet passes through a device pretending to be a gateway.
- The rogue device sends back a "success" message but never actually forwards her payment.
- Alice thinks she paid, but no money is moved on the blockchain.
Solutions
- Use trusted devices for critical payments.
- Double-check important transactions using blockchain explorers when possible.
- Service providers should update NONET to verify confirmations from gateways and use extra checks.
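One way a wallet could handle gateway confirmations, as an added example that is not NONET's own code. It assumes each trusted gateway shares a key with the wallet (HMAC stands in here for the digital signature a deployment would more likely use); the field names, state names and the `seen_on_chain` callback are hypothetical.

```python
import hashlib
import hmac

# Constructed sample: gateway id -> key provisioned out of band (hypothetical).
TRUSTED_GATEWAYS = {"gw-01": b"constructed-demo-key-not-a-real-secret"}


def tx_hash(raw_tx: bytes) -> str:
    """Hash of the exact payment packet the sender handed to the mesh."""
    return hashlib.sha256(raw_tx).hexdigest()


def confirmation_tag(key: bytes, gateway_id: str, txh: str) -> str:
    """Tag binding a confirmation to one gateway and one transaction."""
    msg = f"{gateway_id}|{txh}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def classify_confirmation(raw_tx: bytes, conf: dict, seen_on_chain=None) -> str:
    """Return the state a wallet should show for a gateway 'success' message.

    conf: {"gateway_id", "tx_hash", "tag"} as received over the mesh.
    seen_on_chain: optional callable(tx_hash) -> bool, used once online.
    """
    expected = tx_hash(raw_tx)
    gid = str(conf.get("gateway_id", ""))
    key = TRUSTED_GATEWAYS.get(gid)
    if key is None:
        return "REJECTED_UNKNOWN_GATEWAY"
    if conf.get("tx_hash") != expected:
        return "REJECTED_WRONG_TX"  # confirmation is for some other packet
    good = confirmation_tag(key, gid, expected).encode()
    if not hmac.compare_digest(good, str(conf.get("tag", "")).encode()):
        return "REJECTED_BAD_TAG"
    # An authentic tag only shows that a trusted gateway accepted the packet;
    # the payment is final only once it is visible on the blockchain.
    if seen_on_chain is not None and seen_on_chain(expected):
        return "CONFIRMED_ON_CHAIN"
    return "RELAYED_PENDING"
```

A wallet built this way never shows a payment as sent on the strength of a bare "success" message: the best an offline confirmation can reach is `RELAYED_PENDING`.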