Re: [Bitcoin-development] Duplicate transactions vulnerability

author: Ben Reeves <support@pi.uk.com> 2012-03-01 10:15:01 +0000
committer: bitcoindev <bitcoindev@gnusha.org> 2012-03-01 10:15:12 +0000
commit: 6c83cc2292227514c7456599a50ccdff0145df33 (patch)
tree: eaf7f0d089a8706c1c8e93b769dc36f376c07d34
parent: d711f869eee7e06181760730f39a9c98cf40ecc4 (diff)
download: pi-bitcoindev-6c83cc2292227514c7456599a50ccdff0145df33.tar.gz
pi-bitcoindev-6c83cc2292227514c7456599a50ccdff0145df33.zip
1 files changed, 91 insertions, 0 deletions
diff --git a/bc/0c60e4ac688b70989040a21aced25620d8026b b/bc/0c60e4ac688b70989040a21aced25620d8026b
new file mode 100644
index 000000000..43c2c1e02
--- /dev/null
+++ b/bc/0c60e4ac688b70989040a21aced25620d8026b
@@ -0,0 +1,91 @@
+Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
+	helo=mx.sourceforge.net)
+	by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
+	(envelope-from <support@pi.uk.com>) id 1S332W-00030g-ED
+	for bitcoin-development@lists.sourceforge.net;
+	Thu, 01 Mar 2012 10:15:12 +0000
+Received: from mail-qw0-f47.google.com ([209.85.216.47])
+	by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
+	(Exim 4.76) id 1S332R-0002Em-0b
+	for bitcoin-development@lists.sourceforge.net;
+	Thu, 01 Mar 2012 10:15:12 +0000
+Received: by qadz30 with SMTP id z30so3073812qad.13
+	for <bitcoin-development@lists.sourceforge.net>;
+	Thu, 01 Mar 2012 02:15:01 -0800 (PST)
+Received-SPF: pass (google.com: domain of support@pi.uk.com designates
+	10.224.111.142 as permitted sender) client-ip=10.224.111.142; 
+Authentication-Results: mr.google.com;
+	spf=pass (google.com: domain of support@pi.uk.com
+	designates 10.224.111.142 as permitted sender)
+	smtp.mail=support@pi.uk.com
+Received: from mr.google.com ([10.224.111.142])
+	by 10.224.111.142 with SMTP id s14mr4925733qap.78.1330596901413
+	(num_hops = 1); Thu, 01 Mar 2012 02:15:01 -0800 (PST)
+MIME-Version: 1.0
+Received: by 10.224.111.142 with SMTP id s14mr4081426qap.78.1330596901335;
+	Thu, 01 Mar 2012 02:15:01 -0800 (PST)
+Received: by 10.229.226.139 with HTTP; Thu, 1 Mar 2012 02:15:01 -0800 (PST)
+X-Originating-IP: [81.187.238.52]
+In-Reply-To: <20120229234558.GA6573@vps7135.xlshosting.net>
+References: <CAPg+sBhb+gYMwp1OJuCHYt5=BU63=YBWOFaLLthHBkN_U-scaA@mail.gmail.com>
+	<CAPBPUnqgV_hHYwFoB_1qXMvEaE1pM0vm8=V=AKe2n-rPFzz+mQ@mail.gmail.com>
+	<CABsx9T1YbFLcuCLbZZvSJGPy9k0PRgWttOp-KPUW+99XSYTkQQ@mail.gmail.com>
+	<CAPBPUnp61tCr5yVa36OGoqmO83hOJitnWJDyW3SihXyxy_FbYg@mail.gmail.com>
+	<20120229232029.GA6073@vps7135.xlshosting.net>
+	<20120229234558.GA6573@vps7135.xlshosting.net>
+Date: Thu, 1 Mar 2012 10:15:01 +0000
+Message-ID: <CAPBPUno7EaUeQHEb6jfR77k==p5_Q5Es8dGQiwmQW+DPSttDuA@mail.gmail.com>
+From: Ben Reeves <support@pi.uk.com>
+To: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
+Content-Type: text/plain; charset=ISO-8859-1
+X-Gm-Message-State: ALoCoQnHhoPTLFyyEMwEEEYn+AfeP98Uu+8ISZ8BgasS5Cml+2tLY9UiPhhqBYh+13S1zncezGEp
+X-Spam-Score: -1.3 (-)
+X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
+	See http://spamassassin.org/tag/ for more details.
+	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
+	sender-domain
+	0.2 AWL AWL: From: address is in the auto white-list
+X-Headers-End: 1S332R-0002Em-0b
+Subject: Re: [Bitcoin-development] Duplicate transactions vulnerability
+X-BeenThere: bitcoin-development@lists.sourceforge.net
+X-Mailman-Version: 2.1.9
+Precedence: list
+List-Id: <bitcoin-development.lists.sourceforge.net>
+List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
+	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
+List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
+List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
+List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
+List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
+	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
+X-List-Received-Date: Thu, 01 Mar 2012 10:15:12 -0000
+
+Yes you are right. Any fix in DisconnectBlock() has the same potential issues.
+
+I think the exchanges and major merchants need to be made aware that
+they must also upgrade. Maybe bundle both BIP16 and BIP30 in 0.6 and
+issue an advisory stating that this is a mandatory upgrade for
+everyone.
+
+It also might be prudent to have a blockchain repair script ready,
+which checks the db for missing coinbase transactions and downloads
+them from another peer or block explorer if necessary.
+
+Thank You,
+Ben Reeves
+www.blockchain.info
+
+On Wed, Feb 29, 2012 at 11:45 PM, Pieter Wuille <pieter.wuille@gmail.com> wrote:
+> On Wed, Feb 29, 2012 at 11:00:42PM +0000, Ben Reeves wrote:
+>> I'm not sure. What if they use a coinbase of a block that has already matured?
+>
+> Indeed; duplicate an old coinbase, fork chain without dupe, and spend the old coinbase.
+> The 100-blocks maturity will not help against is.
+>
+> I'm not sure how you intend to fix DisconnectBlock() to prevent this in a backward-
+> compatible way, though.
+>
+> --
+> Pieter
+
+
author	Ben Reeves <support@pi.uk.com>	2012-03-01 10:15:01 +0000
committer	bitcoindev <bitcoindev@gnusha.org>	2012-03-01 10:15:12 +0000
commit	6c83cc2292227514c7456599a50ccdff0145df33 (patch)
tree	eaf7f0d089a8706c1c8e93b769dc36f376c07d34
parent	d711f869eee7e06181760730f39a9c98cf40ecc4 (diff)
download	pi-bitcoindev-6c83cc2292227514c7456599a50ccdff0145df33.tar.gz pi-bitcoindev-6c83cc2292227514c7456599a50ccdff0145df33.zip