Bug: pre-auth device-signature verify allows CPU-amplification DoS without rate limit

[fede-kamel]

Problem

The gateway's pre-auth device-signature verify path runs cryptographic verify work for every connect attempt, with no rate limit on the unauthenticated request stream. An attacker can amplify CPU use on the gateway by sending bogus signatures faster than legitimate clients, since each signature triggers expensive verify work before any auth bound is enforced.

Defense-in-depth fix: rate-limit pre-auth device-signature verify so an unauthenticated attacker cannot pin gateway CPU.

Tracking PR

Fix in #77492.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve. Reviewed May 31, 2026, 1:15 AM ET / 05:15 UTC.

Summary
Keep open: current main and the latest release still have the pre-auth device-signature verification path without a device-signature-specific rate limit, and the linked closing PR remains open.

Reproducibility: yes. Source inspection shows current main derives the submitted device id and calls v3/v2 signature verification without a device-signature-specific limiter; I did not run the live flood PoC in this read-only review.

Next step
No separate repair lane is appropriate because this security-sensitive issue is already paired with open closing PR #77492.

Security
Needs attention: This security-sensitive pre-auth gateway CPU-amplification report remains open because the protection is not on current main or the latest release.

Review details

Best possible solution:

Review and land an acceptable version of #77492, or replace it with an equivalent maintainer-owned fix that protects device-signature verification before expensive crypto work.

Do we have a high-confidence way to reproduce the issue?

Yes. Source inspection shows current main derives the submitted device id and calls v3/v2 signature verification without a device-signature-specific limiter; I did not run the live flood PoC in this read-only review.

Is this the best way to solve the issue?

Unclear whether the exact linked PR shape is the final best fix because it is still open and security-sensitive. The best current issue handling is to keep this open while maintainers review that PR or choose an equivalent replacement.

AGENTS.md: found and applied where relevant.

Remaining risk / open question:

• The pre-auth gateway availability risk remains until security fix(gateway): defend pre-auth device-signature verify against CPU DoS #77492 or an equivalent maintainer-approved fix lands.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 51dee73a5d3e.

Label changes

Label changes:

• remove clawsweeper:linked-pr-open: Current issue advisory state no longer selects this label.

Label justifications:

• P1: The reported unauthenticated gateway CPU-amplification path could urgently affect real gateway availability.
• impact:security: The issue concerns unauthenticated pre-auth verification and denial-of-service resistance.
• impact:crash-loop: The claimed impact is gateway CPU saturation that can make the gateway effectively unavailable under attack.

Evidence reviewed

Security concerns:

• [high] Pre-auth device-signature verification lacks its own limiter — src/gateway/server/ws-connection/message-handler.ts:929
  Current main still lets a supplied device block reach device-id derivation and v3/v2 signature verification without a device-signature-specific rate-limit bucket, so the reported unauthenticated CPU-amplification surface remains relevant.
  Confidence: 0.86

What I checked:

• Current source derives the submitted device id before auth completion: The WebSocket connect handler calls deriveDeviceIdFromPublicKey on the supplied device public key before resolveConnectAuthDecision; no device-signature limiter is applied in this block. (src/gateway/server/ws-connection/message-handler.ts:929, 51dee73a5d3e)
• Current source runs v3 then v2 device signature verification: resolveDeviceSignaturePayloadVersion calls verifyDeviceSignature for the v3 payload and then again for v2 when v3 fails, matching the reported amplification surface. (src/gateway/server/ws-connection/handshake-auth-helpers.ts:338, 51dee73a5d3e)
• Crypto verify helper constructs a public key and verifies the signature: verifyDeviceSignature creates a public key from the supplied input and calls crypto.verify; malformed inputs are caught, but this is still the expensive work the issue targets. (src/infra/device-identity.ts:317, 51dee73a5d3e)
• Current auth limiter has no device-signature scope: The exported auth rate-limit scopes are default, shared-secret, device-token, and hook-auth only; no device-signature bucket exists on current main. (src/gateway/auth-rate-limit.ts:38, 51dee73a5d3e)
• Device-token limiting does not cover signature verification: The existing DEVICE_TOKEN limiter check is in the device-token auth path after device identity has already been parsed; it is not a pre-verification device-signature gate. (src/gateway/server/ws-connection/auth-context.ts:216, 51dee73a5d3e)
• Latest release has the same missing device-signature scope: The v2026.5.28 release tag exports the same auth limiter scopes and does not contain an AUTH_RATE_LIMIT_SCOPE_DEVICE_SIGNATURE entry. (src/gateway/auth-rate-limit.ts:38, e93216080aa1)

Likely related people:

• Peter Steinberger: Current-main blame on the implicated device handshake, signature helper, and rate-limit scope lines points to commit 0be3ef5 in the available checkout history. (role: recent area contributor; confidence: medium; commits: 0be3ef5a383d; files: src/gateway/server/ws-connection/message-handler.ts, src/gateway/server/ws-connection/handshake-auth-helpers.ts, src/infra/device-identity.ts)
• fede-kamel: The issue body names the open closing pull request for this exact device-signature DoS surface, and that PR is authored by the same contributor. (role: reporter and linked fix author; confidence: medium; commits: 1fc8137ba1de; files: src/gateway/server/ws-connection/message-handler.ts, src/gateway/auth-rate-limit.ts, src/infra/device-identity.ts)

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[openclaw-barnacle]

This issue has been automatically marked as stale due to inactivity.
Please add updates or it will be closed.