Specially crafted transactions can take more than 3 minutes to verify #2256

issue SergioDemianLerner opened this issue on February 1, 2013
  1. SergioDemianLerner commented at 5:07 AM on February 1, 2013: contributor

    Please read the following thread: https://bitcointalk.org/index.php?topic=140078.0

    Also additional information was privately sent to the dev team.

    My proposed solutions is:

    1. Create a Transaction hash cache to temporarily store the last used hash during the evaluation of a script.
    2. Verify that the ECDSA signature and the ECDSA public key are well-formed before hashing the transaction.
    3. Verify the length of pushed signatures of vin[i].scriptSig in CTransaction::AreInputsStandard() to see if they are long enough. (currently only stack.size() = (unsigned int)nArgsExpected) is tested, but not the actual arguments. )

    The first 2 defense measures must be deployed together.

  2. gavinandresen commented at 4:32 PM on February 5, 2013: contributor

    see #2275

  3. Diapolo commented at 1:13 PM on October 24, 2013: none

    @gavinandresen Is this still unfixed?

  4. gavinandresen commented at 9:11 PM on October 24, 2013: contributor

    Unfixed, but low priority-- why would a miner create a block that is likely to get orphaned because it takes peers so long to validate? And even if they did, and the block was not orphaned, all they accomplish is making full-chain catch-up validation take longer for a while (until a new release with a new checkpoint, because we skip signature checking up to the last checkpoint).

  5. laanwj added the label Validation on Feb 16, 2016
  6. laanwj added the label Resource usage on Feb 16, 2016
  7. laanwj removed the label Priority Low on Dec 6, 2017
  8. apobbati commented at 12:28 AM on October 23, 2018: none

    Is this still an issue?

  9. SergioDemianLerner commented at 4:18 PM on October 23, 2018: contributor

    Yes, minor.

  10. verdy-p commented at 1:23 AM on January 7, 2022: none

    Is it really "minor"?

    It may be a DOS attack against some critical "highly trusted" peers, by forcing them to take much more time than needed, and no longer being able to cope with the incoming requests, or even being able to generate its own block (in that case, it is an attack agasist concurrent miners, made by another miner with a trick to winn the competition unfairly, and get all credits coins for being the first being able to validate a new block in the chain.

    In summary: miners won't compete fairly and win much more than what they should have won, and the mining gets slower for everyone else. Such attack would likely be performed by very powerful mining farms (in China?) or profiting from very low cost for energy (in Iceland or from stealing energy resources and not paying any tax, due to some abusive local privileges, or just because they have LOT of money to spend and already have very large BTC portolio to build and run fast massive mining farms, until they are the only remaining one capable with their power to mine all the remaining boins; then they will control the BTC market by emitting/spending their mass of coins when they want, and can then largely influce the trading).

    This is then a problem of unfair competition in the mining industry (and probably also in the BTC trading: abusers take no risks, all others have to support the increased risks when BTC is suddenly devaluated: abusers can use that to buy again more coins).

  11. MarcoFalke commented at 2:48 PM on January 26, 2022: member

    My understanding is that the worst case version of this can only be exploited with a non-standard transaction. On the current network there is no known miner accepting non-standard transactions (probably for exactly the bug described in this issue and others). While it may be possible to reduce the time needed to verify some of such crafted transactions with caching, implementing that is non-trivial and fixing the overall issue is to the best of my knowledge impossible without a consensus change. Such a network-wide consensus changes first need to be proposed and discussed with the greater community, for example on the bitcoin-dev mailing list. Also, it needs a BIP to be implemented in Bitcoin Core and other software that connects to the bitcoin P2P network. So I am closing this issue for now.

    To clarify, I am not saying that the issue doesn't exist. The issue is real, but there is likely no trivial fix other than a consensus change. Something like "The great consensus cleanup" could be used as a baseline: https://github.com/bitcoin/bips/blob/7f9670b643b7c943a0cc6d2197d3eabe661050c2/bip-XXXX.mediawiki

  12. MarcoFalke closed this on Jan 26, 2022
  13. DrahtBot locked this on Jun 9, 2023
Contributors
SergioDemianLernergavinandresenDiapoloapobbativerdy-pMarcoFalke
Labels
BugValidationResource usage
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-24 18:16 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me