p2p: prevent unsolicited addr relay token abuse #34774

pull taki-abedesselam wants to merge 1 commits into bitcoin:master from taki-abedesselam:p2p/prevent-unsolicited-addr-relay-token-abuse changing 3 files +50 −16
  1. taki-abedesselam commented at 4:11 am on March 9, 2026: none

    The current addr relay token logic opens an attack that allows a malicious outbound peer to abuse our unsolicited message relaying as mentioned on #34717 (comment):

    • We establish an outbound connection to a node X.
    • We increase the token counter to +1000 tokens since we expect to receive up to 1000 addresses in response from node X.
    • Node X sends a buffer containing only 1 address, to bypass the initial m_getaddr_sent check (or this negligible protection disappears entirely if the variable is removed as proposed in this PR)
    • Node X then starts sending unsolicited messages of size 10, since it knows it can use up to 1000 tokens (each address will consume 1 token, and if the number of addresses in the buffer is less than or equal to 10 our node will relay it).
    • Our node becomes an intermediate relay, unintentionally helping hide this malicious node, since it (our node) is the one that will relay the unsolicited messages.
    • Our node will consume all of its tokens with other nodes by forwarding malicious addresses instead of forwarding addresses for legitimate nodes.

    This issue predates PR #34146, which introduced a new addr self-announcement mechanism that rendered m_getaddr_sent entirely ineffective, leading PR #34717 to propose removing it entirely.

    Instead of removing m_getaddr_sent, this PR keeps it and improves the token handling logic. The addr self-announcement is ordered to be sent after the GETADDR response, allowing the GETADDR sender to clearly distinguish between the response and the self-announcement, and safely assume the first incoming message is the legitimate response. Once the GETADDR response is processed, the token bucket is adjusted to count only the addresses actually received.
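
The token accounting described in the comment above, as an added example that is not part of the PR or of Bitcoin Core's code: a simplified model of one outbound peer that compares the current bookkeeping with one reading of the proposed adjustment. The names `PeerModel`, `OnAddr` and `SimulateRelayCandidates` are hypothetical; time-based token refill is omitted, the first ADDR after GETADDR is assumed to be the response, and the adjustment is assumed to revoke whatever part of the 1000-token credit the response did not use.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>

// Constants taken from the PR description; everything else is a hypothetical model.
constexpr double GETADDR_TOKENS = 1000;  // tokens credited when GETADDR is sent
constexpr size_t RELAY_MAX_BATCH = 10;   // ADDR messages of <= 10 entries may be relayed

struct PeerModel {
    bool adjust_after_response;  // true: revoke unused GETADDR tokens (assumed reading of the PR)
    double tokens = 0;           // time-based refill is omitted from this model
    bool getaddr_sent = false;
    size_t relay_candidates = 0;

    explicit PeerModel(bool adjust) : adjust_after_response(adjust) {}

    void SendGetAddr() {
        getaddr_sent = true;
        tokens += GETADDR_TOKENS;
    }

    void OnAddr(size_t n) {
        const bool is_response = getaddr_sent;  // first ADDR after GETADDR counts as the response
        size_t accepted = 0;
        for (size_t i = 0; i < n && tokens >= 1; ++i) {  // each address costs one token
            tokens -= 1;
            ++accepted;
        }
        if (is_response) {
            getaddr_sent = false;
            if (adjust_after_response) {
                // Keep only what the response actually used of the GETADDR credit.
                tokens = std::max(0.0, tokens - (GETADDR_TOKENS - accepted));
            }
        } else if (n <= RELAY_MAX_BATCH) {
            relay_candidates += accepted;  // small unsolicited batch: passed on for relay
        }
    }
};

// Returns how many unsolicited addresses our node would treat as relay candidates.
size_t SimulateRelayCandidates(bool adjust, size_t response_size, size_t batches) {
    PeerModel peer(adjust);
    peer.SendGetAddr();
    peer.OnAddr(response_size);
    for (size_t i = 0; i < batches; ++i) peer.OnAddr(RELAY_MAX_BATCH);
    return peer.relay_candidates;
}

int main() {
    std::printf("current:  %zu\n", SimulateRelayCandidates(false, 1, 100));
    std::printf("adjusted: %zu\n", SimulateRelayCandidates(true, 1, 100));
}
```

In this model a full 1000-address response leaves no spare tokens in either mode, so the two behaviours differ only when the response is shorter than the credit granted for it.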

  2. p2p: prevent unsolicited addr relay token abuse 97e9554edc
  3. DrahtBot added the label P2P on Mar 9, 2026
  4. DrahtBot commented at 4:11 am on March 9, 2026: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Reviews

    See the guideline for information on the review process. A summary of reviews will appear here.

    LLM Linter (✨ experimental)

    Possible typos and grammar issues:

    • only for the -> Only for outbound connections. [Sentence fragment and lowercase start after a period; clarifies intent and fixes capitalization/grammar]
    • in separate ADDR/ADDRV2 message -> in a separate ADDR/ADDRV2 message [missing article “a”, which makes the phrase grammatically incorrect]
    • truck -> track [typo: “truck” is incorrect in context; should be “track”]
    • recive -> receive [spelling error]
    • its -> it’s (or it is) [incorrect possessive vs. contraction; should be “it’s” (it is) to convey “it is supposed to…”]

    2026-03-09 04:11:58


github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-03-09 09:13 UTC
