Author: Sergio Demian Lerner 2018-06-09 12:21:17
Published on: 2018-06-09T12:21:17+00:00
A vulnerability in the Bitcoin merkle tree algorithm has been discovered, whereby a miner could create a transaction that falsely committed to a transaction not actually on the blockchain. A miner with 1.3 million USD and the capability to run hash cracking on ASICs for four days could perform this attack. Because of this vulnerability, it has been requested that no more than 1 million USD be accepted using an SPV wallet. The attack can also be repeated: once a block has been created, more parties can be attacked without additional computation.

RSK reportedly discovered this problem in 2017 and urges the Bitcoin community to work on the issue for security purposes.

Two fixes have been suggested: using version bits, with 4 bits indicating the tree depth, or banning transactions with a size of 64 or lower. The possibility of maintaining validation of old transactions by caching the number of transactions in each previous block has also been discussed. A soft-fork may not be necessary to implement a solution, and it has been suggested that this vulnerability may unintentionally encourage the use of safe full verification rather than unsafe lite clients.
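The following is an added example, not code from the original post or from any Bitcoin or RSK implementation: an SPV inclusion check that applies the size rule and a depth check derived from the block's transaction count, next to the naive hash-up check that has no notion of tree depth. The function names and the sample block are constructed for illustration, and the verifier is assumed to know the block's transaction count (for example from a cache).

```python
import hashlib

def dsha256(data: bytes) -> bytes:
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_levels(leaves):
    """All tree levels, leaf hashes first; an odd level duplicates its last hash."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [cur[-1]]
        levels.append([dsha256(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def merkle_branch(levels, index):
    """Sibling hashes from the leaf level up to (not including) the root."""
    branch = []
    for level in levels[:-1]:
        sib = index ^ 1
        branch.append(level[sib] if sib < len(level) else level[index])
        index >>= 1
    return branch

def fold_branch(leaf_hash, index, branch):
    """Naive check: hash upward with no notion of how deep the tree is."""
    h = leaf_hash
    for sib in branch:
        h = dsha256(sib + h) if index & 1 else dsha256(h + sib)
        index >>= 1
    return h

def verify_spv(raw_tx, index, branch, root, n_tx):
    """Hardened check using the block's transaction count (assumed known, e.g. cached)."""
    if len(raw_tx) <= 64:                       # size rule suggested on the page
        return False
    if not 0 <= index < n_tx:
        return False
    if len(branch) != (n_tx - 1).bit_length():  # expected depth = ceil(log2(n_tx))
        return False
    return fold_branch(dsha256(raw_tx), index, branch) == root

# Constructed sample block: five placeholder "transactions" of 100 bytes each.
TXS = [bytes([i]) * 100 for i in range(5)]
LEVELS = merkle_levels([dsha256(t) for t in TXS])
ROOT = LEVELS[-1][0]
```

The concatenation of two 32-byte child hashes is exactly 64 bytes, so a verifier that only hashes upward cannot tell an inner node from a 64-byte leaf; either the size rule or the depth check alone rejects the shortened proof.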
Updated on: 2023-06-13T03:14:58.343070+00:00