Discussion: Should the mempool.dat file be encrypted/XORed? #16721

issue 0xB10C opened this issue on August 25, 2019
  1. 0xB10C commented at 10:58 AM on August 25, 2019: member

    XORing the mempool.dat was discussed as early as 2016 in the same PR that implemented loadMempool() and dumpMempool. Back then @sipa wrote:

    XORed dump is not implemented, this can be done later. #8448 (comment)

    Should the mempool.dat file be XORed with a random key similar to how the chainstate <s>blk*.dat</s> is? Is it possible to include something malicious in the mempool.dat that could actually cause problems?

    A sample attack vector where XORing could help (tl;dr below): Attacker A broadcasts a transaction T with the minimum relay fee/mempool acceptance fee. This T contains something malicious e.g. via an OP_RETURN output. Due to the low fee, T could stay in the mempool of a lot of nodes for a maximum of two weeks (assuming medium to high feerate levels in that period). If A times this correctly, (s)he could broadcast T as soon as new release is published. Node operators would stop (dumpMempool()), update to new version, and restart (loadMempool()) their node. T would be persisted on disk in the mempool.dat until ((T is mined || T is evicted) && node is restarted) (at e.g. the next major release). Broadcasting such a T could be done cheaply for a few hundred satoshis and as often as one is willing to do.

    This leads me to the question what could be the malicious something in T. Since, unlike the chainstate <s>blk*.dat files</s>, the mempool.dat is not critically needed for Bitcoin Core to run, an anti-virus software blocking the file wouldn't be a major problem. However e.g. a government entity scanning a hard drive in e.g. airport security could be a problem.

    tl;dr: I think, if timed correctly, you could persist a transaction with malicious content in quite a lot of mempool.dat files for only a few satoshis. The transaction would stay in the mempool.dat file untll the bitcoin node restarts, which quite possible could be a full release cycle. My question now is: Is there something malicious that could actually oppose a threat, if persisted in the mempool.dat ?

    This is open for discussion. I don't have an answer. If XORing is needed, I might implement it and open a PR at a later stage.

    edit: I mean't the obfuscated chainstate (https://github.com/bitcoin/bitcoin/pull/6650) and not XORed blk*.dat files.

  2. fanquake added the label Brainstorming on Aug 25, 2019
  3. fanquake added the label Mempool on Aug 25, 2019
  4. 0xB10C commented at 6:09 PM on December 18, 2020: member

    closing this for now

  5. 0xB10C closed this on Dec 18, 2020
  6. DrahtBot locked this on Feb 15, 2022
Contributors
0xB10C
Labels
BrainstormingMempool
Linked (view graph)
#6650 Obfuscate chainstate#8448 Store mempool and prioritization data to disk#17779 Coordinating anti virus false positive reporting
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-20 06:14 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me