Full Disclosure: CVE-2012-2459 (block merkle calculation exploit)



Summary:

A flaw has been discovered in the Merkle hash implementation that Bitcoin uses to calculate the Merkle root in a block header. An attacker can easily construct multiple lists of hashes that map to the same Merkle root, so two blocks can be created that have the same block hash, one valid and the other invalid. The attack can be executed against an unpatched Bitcoin installation, which can be permanently wedged at its current highest block because Bitcoin caches orphan blocks in a disk-backed database. The victim receives the invalid block, caches it on disk, attempts to process it, and rejects it as invalid. Re-requesting the block is never even attempted, because Bitcoin believes it already has the block: it holds one with the same hash. To fix this issue, Gavin Andresen made CheckBlock reject blocks with duplicate transactions, preventing them from being cached at all.
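
The root ambiguity and the duplicate-transaction check described above, as an added example that is not code from Bitcoin or from the original disclosure. It assumes Bitcoin's tree-building rule (not stated on this page) that a level with an odd number of nodes pairs its last hash with itself; the function names and the sample transaction ids are constructed for illustration.

```python
import hashlib


def dsha256(data):
    """Double SHA-256, the hash Bitcoin uses for tree nodes."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(txids):
    """Merkle root over a list of 32-byte transaction ids.

    Assumed rule: when a level has an odd number of nodes, the last node
    is paired with itself. That padding is what lets two different lists
    of hashes produce the same root.
    """
    if not txids:
        raise ValueError("a block needs at least one transaction")
    level = list(txids)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [dsha256(level[i] + level[i + 1])
                 for i in range(0, len(level), 2)]
    return level[0]


def has_duplicate_txids(txids):
    """True if any transaction id occurs more than once in the list."""
    return len(set(txids)) != len(txids)


def check_block_txids(txids, header_root):
    """Hypothetical stand-in for the patched validation order: reject
    duplicate transactions before the block can be accepted or cached,
    then compare the computed root with the one in the header."""
    if has_duplicate_txids(txids):
        return False
    return merkle_root(txids) == header_root


# Constructed sample data: three fake transaction ids and the same list
# with its last id repeated.
TXIDS = [dsha256(bytes([i])) for i in range(3)]
WITH_DUPLICATE = TXIDS + [TXIDS[-1]]
HEADER_ROOT = merkle_root(TXIDS)
```

Both lists hash to `HEADER_ROOT`, so a root comparison alone cannot tell them apart; only the duplicate check rejects the second list before it can be stored under the valid block's hash.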


Updated on: 2023-06-06T07:07:21.631420+00:00