Author: Peter Todd 2018-06-09 12:50:58
Published on: 2018-06-09T12:50:58+00:00
Sergio Demian Lerner reported a vulnerability (CVE-2017-12842) affecting hundreds of Simplified Payment Verification (SPV) wallets and other sensitive systems relying on SPV proofs. The vulnerability was discovered by RSK in 2017, and it's important to fix it as their SPV bridge depends on SPV proofs. However, Peter Todd argues that pruned nodes can be made invulnerable to the attack while retaining the ability to verify merkle path tx inclusion proofs. According to him, there is no need to fix the attack for SPV as they can be attacked at much lower cost by generating fake blocks. Sergio apologizes for discussing this issue publicly earlier, thinking that it was well-known, and urges the Bitcoin community to work towards ensuring the security and clean-design of Bitcoin.
Updated on: 2023-06-13T03:14:33.080581+00:00