Gavin's post-0.9 TODO list...



Summary:

The bitcoinj-0.10 release notes state that Bloom-capable (0.8+) peers are required by default, and that older nodes will be disconnected to avoid accidental bandwidth saturation on mobile devices. Peter Todd raises a user-security concern about this new default behavior in SPV clients and suggests that it may warrant reconsideration. Todd explains how creating "SPV honeypots" that allow incoming connections only from SPV nodes can attract a disproportionate percentage of the total SPV population given a relatively small number of nodes, making it difficult to sybil the network. This can be used to harm SPV nodes by dropping a percentage of transactions deterministically or degrading the capacity of honest nodes. Todd also asks whether bitcoinj has any protections against peers flooding users with useless garbage by creating junk unconfirmed transactions that match the Bloom filter, which can rack up a user's data bill.


Updated on: 2023-06-07T15:56:52.883095+00:00