Discussion: Should the mempool.dat file be encrypted/XORed? #16721

issue 0xB10C openend this issue on August 25, 2019
  1. 0xB10C commented at 10:58 am on August 25, 2019: member

    XORing the mempool.dat was discussed as early as 2016 in the same PR that implemented loadMempool() and dumpMempool. Back then @sipa wrote:

    XORed dump is not implemented, this can be done later. #8448 (comment)

    Should the mempool.dat file be XORed with a random key similar to how the chainstate blk*.dat is? Is it possible to include something malicious in the mempool.dat that could actually cause problems?

    A sample attack vector where XORing could help (tl;dr below): Attacker A broadcasts a transaction T with the minimum relay fee/mempool acceptance fee. This T contains something malicious e.g. via an OP_RETURN output. Due to the low fee, T could stay in the mempool of a lot of nodes for a maximum of two weeks (assuming medium to high feerate levels in that period). If A times this correctly, (s)he could broadcast T as soon as new release is published. Node operators would stop (dumpMempool()), update to new version, and restart (loadMempool()) their node. T would be persisted on disk in the mempool.dat until ((T is mined || T is evicted) && node is restarted) (at e.g. the next major release). Broadcasting such a T could be done cheaply for a few hundred satoshis and as often as one is willing to do.

    This leads me to the question what could be the malicious something in T. Since, unlike the chainstate blk*.dat files, the mempool.dat is not critically needed for Bitcoin Core to run, an anti-virus software blocking the file wouldn’t be a major problem. However e.g. a government entity scanning a hard drive in e.g. airport security could be a problem.

    tl;dr: I think, if timed correctly, you could persist a transaction with malicious content in quite a lot of mempool.dat files for only a few satoshis. The transaction would stay in the mempool.dat file untll the bitcoin node restarts, which quite possible could be a full release cycle. My question now is: Is there something malicious that could actually oppose a threat, if persisted in the mempool.dat ?

    This is open for discussion. I don’t have an answer. If XORing is needed, I might implement it and open a PR at a later stage.

    edit: I mean’t the obfuscated chainstate (https://github.com/bitcoin/bitcoin/pull/6650) and not XORed blk*.dat files.

  2. fanquake added the label Brainstorming on Aug 25, 2019
  3. fanquake added the label Mempool on Aug 25, 2019
  4. 0xB10C commented at 6:09 pm on December 18, 2020: member
    closing this for now
  5. 0xB10C closed this on Dec 18, 2020
  6. DrahtBot locked this on Feb 15, 2022


0xB10C

Labels
Brainstorming Mempool

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-11-21 03:13 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me