Author: Luke-Jr 2012-08-22 02:53:21
Published on: 2012-08-22T02:53:21+00:00
A vulnerability has been identified in unpatched Bitcoin installations which can result in a permanent wedge at the current highest block. This is achieved through Bitcoin's caching of orphan blocks in a disk-backed database. An attacker needs to send a valid block that will eventually make it into the blockchain, made invalid by duplicating one of its transactions while preserving the Merkle root. The attacker does not need to mine their own block; they can instead listen for one, mutate it, and pass it on to their peers. The vulnerability also allows an attacker to hijack large miners and exchanges, resulting in double-spend attacks until the miners notice they have been forked and fix their bitcoind. An attacker could target specific blocks they want orphaned by performing this attack on a majority of miners with the "tip" block they want orphaned. To mitigate the risk, Eloipool has attempted to produce only blocks whose transaction counts are powers of two, because such blocks cannot be used for an attack against vulnerable clients.
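The Merkle-root ambiguity described above, and why a power-of-two transaction count avoids it, as an added example that is not code from the original post or from bitcoind. The txids are constructed stand-ins and the function names are hypothetical. The tail search goes slightly beyond the single duplicated transaction in the text by also covering a duplicated trailing subtree.

```python
import hashlib

def dsha256(data: bytes) -> bytes:
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_root(txids):
    """Return (root, mutated) for a non-empty list of 32-byte txids.

    mutated is True when two adjacent nodes hashed together are identical,
    which is what an explicitly duplicated transaction (or subtree) produces.
    """
    level, mutated = list(txids), False
    while len(level) > 1:
        # Look for identical siblings *before* the odd-length padding below,
        # so the legitimate implicit duplicate is not flagged.
        for i in range(0, len(level) - 1, 2):
            if level[i] == level[i + 1]:
                mutated = True
        if len(level) % 2:
            level.append(level[-1])  # an odd level is padded with its last node
        level = [dsha256(level[i] + level[i + 1])
                 for i in range(0, len(level), 2)]
    return level[0], mutated

def same_root_tails(txids):
    """Tail lengths j for which re-appending the last j txids keeps the root."""
    root, _ = merkle_root(txids)
    return [j for j in range(1, len(txids) + 1)
            if merkle_root(txids + txids[-j:])[0] == root]

def sample_txids(n):
    # Constructed stand-ins for transaction hashes, not real transactions.
    return [dsha256(f"constructed-tx-{i}".encode()) for i in range(n)]

if __name__ == "__main__":
    for n in (3, 4, 6, 8):
        print(n, "txs: root-preserving tails:", same_root_tails(sample_txids(n)))
    honest = sample_txids(3)
    print("honest flagged:", merkle_root(honest)[1],
          "| duplicated flagged:", merkle_root(honest + honest[-1:])[1])
```

A validator that rejects any transaction list for which `mutated` is True, without marking the block hash itself as permanently invalid, does not confuse the duplicated form with the honest block that shares its header.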
Updated on: 2023-06-06T07:06:56.304852+00:00