Author: Gregory Maxwell 2013-06-27 11:04:06
Published on: 2013-06-27T11:04:06+00:00
Arthur Gervais reported a vulnerability to the Bitcoin developers that could potentially lead to a double-spending attack in a fast payment scenario. The vulnerability arose from signature encoding incompatibilities between version 0.8.2 (or 0.8.3) and earlier Bitcoin versions. A detailed description of the vulnerability can be found at ftp://ftp.inf.ethz.ch/pub/publications/tech-reports/7xx/789.pdf.

The Bitcoin community had already discussed the transaction pattern in question, for example in https://bitcointalk.org/index.php?topic=196990.msg2048297#msg2048297. This specific family of transaction patterns is cited as an example of why taking non-reversible actions on unconfirmed transactions is unsafe, a practice that most Bitcoin community resources also advise against.

The same type of pattern can be achieved by means other than changes in the IsStandard rule, such as concurrent announcement, where conflicting transactions are announced to many nodes at the same time and one excludes the other. By performing this many times, using chains of unconfirmed transactions and seeing which family the victim observes, input mixes can be created that are accepted only by very specific subsets of the network.
Updated on: 2023-05-19T17:04:21.330325+00:00
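The toy model below is an added example, not code from the original post or from Bitcoin itself. It shows why a node on the older relay policy sees no conflict in its own mempool while nodes on the stricter policy hold a different spend of the same coin. The `Tx` and `Node` classes, the `strict_ok` flag, the node names and the direct-offer relay are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    spends: frozenset   # outpoints consumed by this transaction
    strict_ok: bool     # constructed flag: passes the newer, stricter IsStandard check

class Node:
    def __init__(self, name, strict):
        self.name, self.strict, self.mempool = name, strict, {}

    def accept(self, tx):
        """Apply relay policy, then first-seen: a conflicting spend is dropped."""
        if self.strict and not tx.strict_ok:
            return False                      # non-standard under the newer rule
        if any(tx.spends & seen.spends for seen in self.mempool.values()):
            return False                      # outpoint already spent in this mempool
        self.mempool[tx.txid] = tx
        return True

def announce(nodes, tx):
    """Simplification: every node is offered tx directly; returns who kept it."""
    return [n.name for n in nodes if n.accept(tx)]

def conflicts(nodes):
    """Outpoints that different unconfirmed transactions spend across the given mempools."""
    spenders = {}
    for n in nodes:
        for tx in n.mempool.values():
            for outpoint in tx.spends:
                spenders.setdefault(outpoint, set()).add(tx.txid)
    return {op: ids for op, ids in spenders.items() if len(ids) > 1}

def demo():
    # Constructed network: two nodes on the older policy, two on the stricter one.
    merchant = Node("merchant", strict=False)
    nodes = [merchant, Node("old_relay", strict=False),
             Node("new_relay", strict=True), Node("new_miner", strict=True)]
    coin = frozenset({"coin0:0"})             # constructed outpoint label
    kept_a = announce(nodes, Tx("tx_a", coin, strict_ok=False))
    kept_b = announce(nodes, Tx("tx_b", coin, strict_ok=True))
    return {
        "kept_a": kept_a,
        "kept_b": kept_b,
        "merchant_only": conflicts([merchant]),   # one vantage point: nothing visible
        "all_nodes": conflicts(nodes),            # several vantage points: conflict visible
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```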