Fwd: [bitcoin-core-dev] On the initial notice of CVE-2018-17144



Summary:

A bug has been discovered in Bitcoin Core and Bitcoin ABC that can be exploited by miners. The exploit could potentially inflate the cryptocurrency's supply, and it was reported to developers via email by a user named "awemany." Although the vulnerability is not an inflation bug, it still poses a problem as it can crash nodes, prompting a software update.

The issue arises because duplicate inputs are not checked in CheckBlock, only when transactions are accepted into the mempool. This creates a problem because a transaction might bypass the mempool when it is included in a block. A later assertion in SpendCoins seems to prevent the worst outcome of monetary inflation by crashing the node. While the vulnerability is present in both clients, it has yet to be exploited.

In response to community doubts over the authenticity of awemany's email, Gregory Maxwell, a Bitcoin Core developer, shared the full text online. An updated version has been released, but many nodes may still be vulnerable until they apply the patch. Those using Bitcoin Core and Bitcoin ABC are advised to upgrade to the latest version as soon as possible.

The patch for Core includes changes to its net_processing.cpp, validation.cpp, and tx_verify.cpp files. In net_processing.cpp, some lines of code have been removed from the ProcessGetBlockData function, which previously pushed messages to the node's peers containing transactions in a block. Similarly, some lines of code have also been removed from the ProcessGetData function, which previously sent responses to the node's peers requesting transaction data. In both cases, if no response was required or if the requested transaction was not in the mempool, an entry was added to a list of vNotFound.

In the validation.cpp file, the SpendCoins function had an assertion that has now been commented out. Similarly, the UpdateCoins function also had an assertion that has now been commented out.

Lastly, a patch has been provided for Core that modifies the CheckTransaction function by skipping the check for duplicate inputs. It is important for users of Bitcoin Core and Bitcoin ABC to upgrade to the latest version to avoid any potential vulnerabilities.
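The missing check and the later safety net described in the summary, as an added C++ sketch that is not code from Bitcoin Core, Bitcoin ABC, or the original email. The types and the names `HasDuplicateInputs`, `CheckTransactionModel`, `SpendInputs` and `ValidateTx` are simplified stand-ins assumed for illustration, and the late failure is returned as a value where the summary describes an assertion.

```cpp
#include <cstdint>
#include <map>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Simplified stand-ins (assumptions, not Bitcoin Core's own types).
using OutPoint = std::pair<std::string, uint32_t>;  // (txid, output index)
struct Tx { std::vector<OutPoint> inputs; };
using UtxoSet = std::map<OutPoint, int64_t>;        // unspent outpoint -> value

// The check at issue: an outpoint may appear at most once per transaction.
bool HasDuplicateInputs(const Tx& tx) {
    std::set<OutPoint> seen;
    for (const OutPoint& in : tx.inputs)
        if (!seen.insert(in).second) return true;   // second sighting
    return false;
}

// Context-free checks with a switch that skips the duplicate-input test,
// modelling a block path that relies on the mempool having checked already.
bool CheckTransactionModel(const Tx& tx, bool checkDuplicateInputs) {
    if (tx.inputs.empty()) return false;
    if (checkDuplicateInputs && HasDuplicateInputs(tx)) return false;
    return true;
}

// Spends each input from the set. Returns false when an input is no longer
// unspent, which is the condition the later assertion guards against.
bool SpendInputs(const Tx& tx, UtxoSet& utxos, int64_t& valueIn) {
    valueIn = 0;
    for (const OutPoint& in : tx.inputs) {
        auto it = utxos.find(in);
        if (it == utxos.end()) return false;        // already spent or unknown
        valueIn += it->second;
        utxos.erase(it);
    }
    return true;
}

enum class Outcome { RejectedEarly, SpentOk, LateFailure };

// Runs both stages on a working copy and commits the spend only on success.
Outcome ValidateTx(const Tx& tx, UtxoSet& utxos, bool checkDuplicateInputs) {
    if (!CheckTransactionModel(tx, checkDuplicateInputs)) return Outcome::RejectedEarly;
    UtxoSet work = utxos;
    int64_t valueIn = 0;
    if (!SpendInputs(tx, work, valueIn)) return Outcome::LateFailure;
    utxos = work;
    return Outcome::SpentOk;
}
```

With the check enabled, a transaction that lists the same outpoint twice is rejected as an ordinary validation failure; with it skipped, the only thing standing between that transaction and a double count of the input value is the spend stage.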


Updated on: 2023-05-20T17:47:14.126606+00:00