Author: Ben Reeves 2012-02-29 22:05:55
Published on: 2012-02-29T22:05:55+00:00
A vulnerability has been found in how the Bitcoin reference client deals with duplicate transactions. The vulnerability requires some hash power and has no financial benefit for the attacker, but it is still a security hole that needs to be fixed. A simple way to fix it is to add an extra protocol rule which disallows blocks containing a transaction whose hash is equal to that of an earlier transaction which has not yet been completely spent. This proposed rule is outlined in BIP30, and a patch is available for the reference client. The patched client has been tested and verified to make the attack impossible.

The change is backward compatible in the same way BIP16 is: if a supermajority of mining power implements it, old clients can continue to function without risk. Assuming 50% of hashing power adopts BIP30 but the actual client install base is relatively low, however, the patch will likely result in a "hard" blockchain split if someone takes advantage: a malicious miner can produce a duplicate coinbase which the majority of clients will accept but the majority of hashing power won't, and spending the coinbase output after disconnection will cause the blockchain to fork. All non-BIP30 clients on the short blockchain would then be vulnerable to transaction reversal of 6 confirmations or more. It is a relatively inexpensive attack to perform, costing the attacker only one valid block (approximately $240), and could be quite disruptive.

Pieter Wuille is asking for support for adding this rule to the protocol rules, and if there is consensus, he hopes pools and miners can agree to update their nodes without a lengthy coinbase-flagging procedure that would only delay a solution.
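The BIP30 rule described above, as an added illustration that is not the reference client's code or the BIP30 patch: a toy UTXO-set validator that rejects a block repeating the txid of a transaction with unspent outputs, and shows what happens to the UTXO set when the rule is not enforced. The transaction format, hashing scheme and reward values are constructed for the example.

```python
import hashlib

class Tx:
    """Constructed transaction: inputs are (txid, vout) outpoints, empty for a coinbase."""
    def __init__(self, inputs, outputs):
        self.inputs = list(inputs)
        self.outputs = list(outputs)

    def txid(self):
        # Identical content gives an identical id, which is how a duplicate coinbase
        # (same coinbase script, same reward) arises in practice.
        return hashlib.sha256(repr((self.inputs, self.outputs)).encode()).hexdigest()

class Chain:
    def __init__(self, enforce_bip30=True):
        self.enforce_bip30 = enforce_bip30
        self.utxo = {}  # (txid, vout) -> value of every unspent output

    def bip30_violation(self, block):
        """Return the first txid in block whose earlier instance still has unspent outputs."""
        unspent_txids = {outpoint[0] for outpoint in self.utxo}
        for tx in block:
            if tx.txid() in unspent_txids:
                return tx.txid()
        return None

    def connect_block(self, block):
        """Apply block to the UTXO set; return True if accepted, False if rejected."""
        if self.enforce_bip30 and self.bip30_violation(block) is not None:
            return False
        if any(outpoint not in self.utxo for tx in block for outpoint in tx.inputs):
            return False  # spends an output that does not exist or is already spent
        for tx in block:
            txid = tx.txid()
            for outpoint in tx.inputs:
                del self.utxo[outpoint]
            for vout, value in enumerate(tx.outputs):
                # Without BIP30 a duplicate txid silently overwrites the earlier entry:
                # two rewards were mined but only one spendable output remains.
                self.utxo[(txid, vout)] = value
        return True

def duplicate_coinbase_scenario(enforce_bip30):
    """Mine the same coinbase twice; return (second block accepted?, UTXO entry count)."""
    chain = Chain(enforce_bip30)
    coinbase = Tx([], [50_00000000])  # constructed 50 BTC reward in satoshi
    chain.connect_block([coinbase])
    accepted = chain.connect_block([coinbase])
    return accepted, len(chain.utxo)
```

Once the first coinbase's output has been completely spent, the rule as stated no longer applies and a later block carrying the same txid is accepted again.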
Updated on: 2023-06-06T03:10:26.580967+00:00