The InterPlanetary File System (IPFS) is currently the largest decentralized storage solution in operation, with thousands of active participants and millions of daily content transfers. IPFS is used as remote data storage for numerous blockchain-based smart contracts, Non-Fungible Tokens (NFTs), and decentralized applications. We present a content censorship attack that can be executed with minimal effort and cost, and that prevents the retrieval of any chosen content in the IPFS network. The attack exploits a conceptual issue in a core component of IPFS, the Kademlia Distributed Hash Table (DHT), which is used to resolve content IDs to peer addresses. We provide efficient detection and mitigation mechanisms for this vulnerability. Our mechanisms achieve a 99.6% detection rate and mitigate 100% of the detected attacks with minimal signaling and computational overhead. We followed responsible disclosure procedures, and our countermeasures are scheduled for deployment in future versions of IPFS.