@bhaskarvilles

… PoC tests for integer overflow and exception handling.

Executive Summary

The java-tron blockchain implementation contains incomplete exception handling in the fork switching logic (Manager.java lines 1133 and 1171). This vulnerability could lead to blockchain state inconsistencies when fork switches fail, potentially enabling consensus attacks, double-spend scenarios, or network splits.


Vulnerability Details

Location

  • File: framework/src/main/java/org/tron/core/db/Manager.java
  • Lines: 1133, 1171
  • Method: switchFork(BlockCapsule newHead)

Description

During blockchain fork switching operations, exceptions that occur while applying blocks are caught but not properly handled. The code contains TODO comments indicating this is known but unresolved:

// todo  process the exception carefully later
try (ISession tmpSession = revokingStore.buildSession()) {
  applyBlock(khaosBlock.getBlk().setSwitch(true));
  tmpSession.commit();
} catch (AccountResourceInsufficientException
    | ValidateSignatureException
    | ... ) {
  logger.warn(e.getMessage(), e);
  // No rollback, no state recovery, no error propagation
}

Impact

  1. Blockchain State Inconsistency: Partial fork application without rollback
  2. Consensus Failures: Nodes may diverge on blockchain state
  3. Double-Spend Risk: Inconsistent transaction history
  4. Network Splits: Different nodes on different forks
  5. No Automatic Recovery: Manual intervention required

Proof of Concept

Running the PoC

cd C:\Users\Bhaskar\Documents\GitHub\java-tron
./gradlew test --tests "org.tron.poc.M2_ExceptionHandlingPoC"

Expected Output

The PoC demonstrates:

  1. Vulnerable code pattern allowing inconsistent state
  2. Fixed code pattern with proper rollback
  3. Impact analysis of the vulnerability

PoC Files

  • framework/src/test/java/org/tron/poc/M1_IntegerOverflowPoC.java - Demonstrates M-1 protection
  • framework/src/test/java/org/tron/poc/M2_ExceptionHandlingPoC.java - Demonstrates M-2 vulnerability

Reproduction Steps

  1. Set up a TRON node with multiple peers
  2. Create a fork scenario with conflicting blocks
  3. Inject a block that will fail validation during fork switch
  4. Observe that:
    • Some blocks from the new fork are applied
    • Exception occurs and is caught
    • No rollback is performed
    • Blockchain state is inconsistent

Recommended Fix

See implementation_plan.md for complete fix details. Key improvements:

  1. Comprehensive Exception Handling: Catch all exceptions and handle appropriately
  2. Proper Rollback Mechanism: Restore blockchain state on failure
  3. Error Propagation: Re-throw exceptions after rollback
  4. Circuit Breakers: Prevent repeated failures
  5. Enhanced Logging: Track all fork operations

Additional Finding: M-1 Integer Overflow

Status: Already Protected

The codebase properly uses Maths.addExact() and Maths.multiplyExact() throughout to prevent integer overflow. This is a positive security finding.

Evidence:

  • TransferActuator.java: Lines 60, 158, 166
  • TransferAssetActuator.java: Line 180
  • VMUtils.java: Lines 173, 234
  • AccountCapsule.java: Lines 728, 748, 749

PoC: M1_IntegerOverflowPoC.java demonstrates the protection works correctly.


Timeline

  • Discovery Date: January 18, 2026
  • Vendor Notification: [To be filled upon submission]
  • Fix Developed: January 18, 2026
  • Public Disclosure: [To be coordinated with TRON team]

References


3 Files Changed

  1. M1_IntegerOverflowPoC.java - PoC for M-1 (positive finding)
  2. M2_ExceptionHandlingPoC.java - PoC for M-2 vulnerability
  3. Manager.java.patch - Proposed fix

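The following is an added illustration of the rollback-and-propagate pattern that the Recommended Fix section asks for; it is written for this review and is not code from java-tron or from the Manager.java.patch in this PR. It models chain state with a toy in-memory store: ChainState, Session, Block and BlockApplyException are constructed stand-ins (the commit-or-revert-on-close session shape is assumed to mirror revokingStore/ISession, but nothing here calls the real API). The vulnerable variant reproduces the per-block catch that only logs; the hardened variant wraps the whole switch in an outer session so that any failure reverts every block applied during the switch and re-throws. Requires Java 17 or later.

```java
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Deque;
import java.util.List;

public class ForkSwitchRollbackDemo {

    /** Constructed stand-in for java-tron's block validation exceptions. */
    static final class BlockApplyException extends Exception {
        BlockApplyException(String msg) { super(msg); }
    }

    /** Constructed block: an id plus a knob that makes validation fail. */
    record Block(String id, boolean failsValidation) {}

    /** Toy chain state: ordered list of applied block ids with snapshot-based undo. */
    static final class ChainState {
        final List<String> applied = new ArrayList<>();
        private final Deque<Integer> marks = new ArrayDeque<>();

        /** Session that reverts everything written since it opened unless commit() was called. */
        final class Session implements AutoCloseable {
            private boolean committed;
            Session() { marks.push(applied.size()); }
            void commit() { committed = true; marks.pop(); }
            @Override public void close() {
                if (committed) return;
                int mark = marks.pop();
                while (applied.size() > mark) applied.remove(applied.size() - 1);
            }
        }
        Session buildSession() { return new Session(); }

        /** Writes state first, then validates: a failure leaves a partial write to undo. */
        void applyBlock(Block b) throws BlockApplyException {
            applied.add(b.id());
            if (b.failsValidation()) throw new BlockApplyException("validation failed for " + b.id());
        }
    }

    /** Vulnerable shape: per-block session, exception logged and swallowed, earlier blocks stay. */
    static void switchForkVulnerable(ChainState state, List<Block> fork) {
        for (Block b : fork) {
            try (ChainState.Session s = state.buildSession()) {
                state.applyBlock(b);
                s.commit();
            } catch (BlockApplyException e) {
                System.out.println("warn: " + e.getMessage()); // logged, then ignored
            }
        }
    }

    /** Hardened shape: one outer session spans the switch; any failure reverts all and propagates. */
    static void switchForkHardened(ChainState state, List<Block> fork) throws BlockApplyException {
        try (ChainState.Session outer = state.buildSession()) {
            for (Block b : fork) {
                try (ChainState.Session s = state.buildSession()) {
                    state.applyBlock(b);
                    s.commit();
                }
            }
            outer.commit();
        } // outer.close() without commit() undoes every block applied in this switch
    }

    public static void main(String[] args) {
        // Constructed fork: two valid blocks followed by one that fails validation.
        List<Block> fork = List.of(new Block("F1", false), new Block("F2", false), new Block("F3", true));

        ChainState vulnerable = new ChainState();
        vulnerable.applied.add("G");
        switchForkVulnerable(vulnerable, fork);
        System.out.println("vulnerable state after failed switch: " + vulnerable.applied);

        ChainState hardened = new ChainState();
        hardened.applied.add("G");
        try {
            switchForkHardened(hardened, fork);
        } catch (BlockApplyException e) {
            System.out.println("hardened: rolled back and propagated: " + e.getMessage());
        }
        System.out.println("hardened state after failed switch: " + hardened.applied);
    }
}
```

Running the program shows the difference the PR describes: the vulnerable variant keeps F1 and F2 applied on top of G with no record of the failure beyond a log line, while the hardened variant returns the state to just G and lets the caller decide what to do with the exception. The outer session is what makes the rollback complete; the inner per-block session alone only undoes the block that failed.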