
The "AI Slop" That Bypassed Your Security
In the world of Web3 security, the "Proof of Concept" (PoC) is the only source of truth. Recently, I discovered a critical logic bypass in the Starknet BTC Staking Attestation module. When I brought it to the team, the response was dismissive: "This looks like AI slop; we won't review it."
Today, I am releasing the technical details and a public PoC to protect the ecosystem. If a vulnerability is "AI slop," then the protocol is currently being exploited by "AI" that knows how to drain its rewards.
The Technical Deep Dive: The "Ghost Staking" Vulnerability
The core of the issue lies in the Attestation.cairo contract. The protocol attempts to verify BTC staking by checking block data, but it makes a fundamental mistake in its "source of truth."
- The Insecure Root of Trust: The contract relies on get_block_hash_syscall(target_block_number) to validate proofs.
Code snippet:
// Vulnerable logic snippet
let block_hash = get_block_hash_syscall(target_block_number);
assert(block_hash == provided_proof.block_hash, 'Invalid block proof');
The Flaw: Block hashes are public data. Any network participant can retrieve a valid block hash and include it in a forged attestation. The contract validates that the block exists, but fails to verify that a specific transaction (the BTC deposit) belongs to the user submitting the proof.
- Lack of Collateral Binding: Because the attestation logic doesn't strictly bind a unique BTC transaction to a Starknet address, an attacker can:
  - Monitor public BTC block data.
  - Generate a valid-looking attestation structure using public hashes.
  - Trigger the reward minting function without ever locking a single Satoshi.
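As an added illustration (not the project's contract code and not part of the PoC repository), here is a simplified Python model of the two check styles: the block-hash-only pattern described above, and a hardened variant that verifies Merkle inclusion of a specific deposit transaction, binds that deposit to the claiming address, and rejects replays. The block, transactions, addresses and the byte-string transaction format with its `recipient=` field are all constructed assumptions of the model.

```python
import hashlib

def sha256d(b: bytes) -> bytes:
    """Bitcoin-style double SHA-256, used for txids and Merkle nodes."""
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

# Constructed sample block: one deposit that commits to a Starknet address
# (assumed format) plus one unrelated transaction, and a two-leaf Merkle tree.
STAKER = "0x0abc"                                   # constructed Starknet address
DEPOSIT_TX = b"deposit|amount=100000|recipient=" + STAKER.encode()
OTHER_TX = b"unrelated-transfer"
TXIDS = [sha256d(DEPOSIT_TX), sha256d(OTHER_TX)]
BLOCK_MERKLE_ROOT = sha256d(TXIDS[0] + TXIDS[1])
BLOCK_HASH = sha256d(b"header|" + BLOCK_MERKLE_ROOT)  # stands in for the header hash

def get_block_hash(_block_number: int) -> bytes:
    # Models get_block_hash_syscall: public chain data that anyone can read.
    return BLOCK_HASH

def get_merkle_root(_block_number: int) -> bytes:
    # Assumed: the verifier has (or can derive) the block's tx Merkle root.
    return BLOCK_MERKLE_ROOT

def vulnerable_attest(caller: str, proof: dict) -> bool:
    """The pattern the post describes: only the public block hash is compared."""
    return get_block_hash(proof["block"]) == proof["block_hash"]

def hardened_attest(caller: str, proof: dict, spent: set) -> bool:
    """Binds one specific deposit tx to the caller and allows it to be claimed once."""
    if get_block_hash(proof["block"]) != proof["block_hash"]:
        return False
    tx = proof.get("tx")
    if tx is None:
        return False                       # a proof must name a concrete transaction
    txid = sha256d(tx)
    node = txid                            # recompute the Merkle root from the sibling path
    for sibling, sibling_is_left in proof.get("path", []):
        node = sha256d(sibling + node) if sibling_is_left else sha256d(node + sibling)
    if node != get_merkle_root(proof["block"]):
        return False                       # tx is not actually in the attested block
    if not tx.endswith(b"recipient=" + caller.encode()):
        return False                       # collateral binding: deposit must name the claimant
    if txid in spent:
        return False                       # replay protection: one claim per deposit
    spent.add(txid)
    return True
```

A proof carrying nothing but the public block hash satisfies `vulnerable_attest` for any caller, while `hardened_attest` requires inclusion, binding and a fresh txid.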
Proof of Concept (PoC)
I have isolated the exploit in a clean environment. You can find the full code here: [Insert your GitHub Link: rdin777/starknet-staking_audit1]
To reproduce the vulnerability:
- Run Cairo tests:
  cd ghost_staking_audit && snforge test tests/test_ghost_stake.cairo
  Result: The test demonstrates a user with zero collateral successfully claiming rewards.
- External simulation:
  node scripts/exploit.js
  Result: This script generates the forged attestation data that bypasses the assert checks in the contract.
The Disclosure Timeline
March 21, 2026: Submitted the technical report to the team (Lotem Kahana). Dismissed as "AI-generated" without a technical audit.
March 22-24, 2026: Offered private PoC walkthrough. Requested a technical review. Zero response.
March 24, 2026: Public Disclosure.
Conclusion
Dismissing independent research as "AI slop" without running the provided tests is a dangerous precedent. Security is about code, not egos. The vulnerability remains unpatched in the current logic.
I invite the Starknet community to review the PoC and judge for themselves.
Researcher: rdin777
Keywords: #Starknet #Cairo #SecurityAudit #L2 #Vulnerability