Full Disclosure: Denial of Service in STONEWALLx2 (p2p coinjoin)



Summary:

A vulnerability in STONEWALLx2, the Samourai wallet's p2p coinjoin transaction, has been identified and assigned CVE-2022-35913. The issue was reported to the bitcoin-dev mailing list on July 14th, 2022. It is a denial-of-service (DoS) attack in which the collaborator spends the UTXO used in STONEWALLx2 before the transaction is completed, resulting in an error message for the spender. Suggested mitigations are an error message that recommends doing such transactions only with trusted users and, once full RBF is used by some nodes and miners, replacing the attacker's transaction with one that pays a higher fee rate. Samourai's conclusions state that the threat surface is not important, since it involves the collaborator attacking the spender, and that the change to bump fees would have to be recalculated for both spender and collaborator. Antoine Riard discovered the DoS vector and helped during testing.
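The two mitigations above, sketched as a pre-broadcast check; this is an added example, not code from Samourai or from the original post. All names, the message wording, the sample transactions and the 1 sat/vB incremental relay rate are assumptions. The fee floor follows BIP125 rules 3 and 4 plus the higher-fee-rate condition, and ignores descendants of the conflicting transaction.

```python
# Added example: every name, txid and fee figure here is constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class MempoolTx:
    txid: str
    spends: frozenset   # outpoints ("txid:vout") consumed by this transaction
    fee_sat: int
    vsize: int          # virtual size in vbytes

def find_conflicts(coinjoin_inputs, mempool):
    """Return mempool transactions that spend an outpoint the coinjoin needs."""
    needed = set(coinjoin_inputs)
    return [tx for tx in mempool if tx.spends & needed]

def min_replacement_fee(conflicts, replacement_vsize, incremental_sat_per_vb=1):
    """Lowest absolute fee (sat) that meets BIP125 rules 3 and 4 and gives the
    replacement a strictly higher fee rate than each conflicting transaction."""
    # Rule 3: pay at least the fees of what is evicted.
    # Rule 4: also pay for the replacement's own relay bandwidth.
    fee = sum(tx.fee_sat for tx in conflicts) + incremental_sat_per_vb * replacement_vsize
    for tx in conflicts:
        # Smallest integer fee with fee / replacement_vsize > tx.fee_sat / tx.vsize
        fee = max(fee, tx.fee_sat * replacement_vsize // tx.vsize + 1)
    return fee

def check_before_broadcast(coinjoin_inputs, coinjoin_vsize, mempool):
    """Report a conflicting spend instead of failing with an opaque error."""
    conflicts = find_conflicts(coinjoin_inputs, mempool)
    if not conflicts:
        return {"ok": True}
    return {
        "ok": False,
        "conflicting_txids": [tx.txid for tx in conflicts],
        "message": "An input of this STONEWALLx2 was already spent; "
                   "do such transactions only with trusted users.",
        # Only useful where nodes and miners accept full-RBF replacements.
        "min_replacement_fee_sat": min_replacement_fee(conflicts, coinjoin_vsize),
    }

# Constructed sample: the collaborator's input is spent by another mempool tx.
SPENDER_IN = "aa" * 32 + ":0"
COLLAB_IN = "bb" * 32 + ":1"
MEMPOOL = [
    MempoolTx("cc" * 32, frozenset({COLLAB_IN}), fee_sat=2200, vsize=110),
    MempoolTx("dd" * 32, frozenset({"ee" * 32 + ":0"}), fee_sat=500, vsize=141),
]
RESULT = check_before_broadcast([SPENDER_IN, COLLAB_IN], 350, MEMPOOL)
```

Because the coinjoin is co-signed, any fee above what was originally agreed changes the outputs, so both spender and collaborator would have to re-sign the replacement.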


Updated on: 2023-06-15T22:56:46.486342+00:00