Author: Sergio Demian Lerner 2018-06-09 12:24:49
Published on: 2018-06-09T12:24:49+00:00
In an email chain between various members of the Bitcoin community, a vulnerability in the Bitcoin Merkle tree algorithm is discussed. The algorithm is unable to differentiate between inner nodes and 64-byte transactions, as both are hashed in the same way. This leads to a potential problem for transaction inclusion proofs, as a miner could create a transaction that commits to a transaction not in the blockchain. It was noted that if the depth of the Merkle tree is known, this issue can be avoided by comparing the length of the Merkle path to the known depth. A soft-fork may not be necessary to implement this solution. One member urges the community to work on this issue for the security and clean-design of Bitcoin. Another notes that an attacker with only $1.3 million USD could brute-force 72 bits and perform this attack, making it entirely feasible. They also note that the attack can be repeated and that no person should accept more than $1 million USD using a SPV wallet. It was reported by RSK that they discovered this issue in 2017 and it's important for them to have it fixed because their SPV bridge uses SPV proofs. They suggest using version bits to indicate the tree depth or banning transactions with a size lower than or equal to 64.
Updated on: 2023-06-13T03:14:13.838772+00:00