1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
helo=mx.sourceforge.net)
by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <support@pi.uk.com>) id 1S332W-00030g-ED
for bitcoin-development@lists.sourceforge.net;
Thu, 01 Mar 2012 10:15:12 +0000
Received: from mail-qw0-f47.google.com ([209.85.216.47])
by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1S332R-0002Em-0b
for bitcoin-development@lists.sourceforge.net;
Thu, 01 Mar 2012 10:15:12 +0000
Received: by qadz30 with SMTP id z30so3073812qad.13
for <bitcoin-development@lists.sourceforge.net>;
Thu, 01 Mar 2012 02:15:01 -0800 (PST)
Received-SPF: pass (google.com: domain of support@pi.uk.com designates
10.224.111.142 as permitted sender) client-ip=10.224.111.142;
Authentication-Results: mr.google.com;
spf=pass (google.com: domain of support@pi.uk.com
designates 10.224.111.142 as permitted sender)
smtp.mail=support@pi.uk.com
Received: from mr.google.com ([10.224.111.142])
by 10.224.111.142 with SMTP id s14mr4925733qap.78.1330596901413
(num_hops = 1); Thu, 01 Mar 2012 02:15:01 -0800 (PST)
MIME-Version: 1.0
Received: by 10.224.111.142 with SMTP id s14mr4081426qap.78.1330596901335;
Thu, 01 Mar 2012 02:15:01 -0800 (PST)
Received: by 10.229.226.139 with HTTP; Thu, 1 Mar 2012 02:15:01 -0800 (PST)
X-Originating-IP: [81.187.238.52]
In-Reply-To: <20120229234558.GA6573@vps7135.xlshosting.net>
References: <CAPg+sBhb+gYMwp1OJuCHYt5=BU63=YBWOFaLLthHBkN_U-scaA@mail.gmail.com>
<CAPBPUnqgV_hHYwFoB_1qXMvEaE1pM0vm8=V=AKe2n-rPFzz+mQ@mail.gmail.com>
<CABsx9T1YbFLcuCLbZZvSJGPy9k0PRgWttOp-KPUW+99XSYTkQQ@mail.gmail.com>
<CAPBPUnp61tCr5yVa36OGoqmO83hOJitnWJDyW3SihXyxy_FbYg@mail.gmail.com>
<20120229232029.GA6073@vps7135.xlshosting.net>
<20120229234558.GA6573@vps7135.xlshosting.net>
Date: Thu, 1 Mar 2012 10:15:01 +0000
Message-ID: <CAPBPUno7EaUeQHEb6jfR77k==p5_Q5Es8dGQiwmQW+DPSttDuA@mail.gmail.com>
From: Ben Reeves <support@pi.uk.com>
To: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Content-Type: text/plain; charset=ISO-8859-1
X-Gm-Message-State: ALoCoQnHhoPTLFyyEMwEEEYn+AfeP98Uu+8ISZ8BgasS5Cml+2tLY9UiPhhqBYh+13S1zncezGEp
X-Spam-Score: -1.3 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.2 AWL AWL: From: address is in the auto white-list
X-Headers-End: 1S332R-0002Em-0b
Subject: Re: [Bitcoin-development] Duplicate transactions vulnerability
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Thu, 01 Mar 2012 10:15:12 -0000
Yes you are right. Any fix in DisconnectBlock() has the same potential issues.
I think the exchanges and major merchants need to be made aware that
they must also upgrade. Maybe bundle both BIP16 and BIP30 in 0.6 and
issue an advisory stating that this is a mandatory upgrade for
everyone.
It also might be prudent to have a blockchain repair script ready,
which checks the db for missing coinbase transactions and downloads
them from another peer or block explorer if necessary.
Thank You,
Ben Reeves
www.blockchain.info
On Wed, Feb 29, 2012 at 11:45 PM, Pieter Wuille <pieter.wuille@gmail.com> wrote:
> On Wed, Feb 29, 2012 at 11:00:42PM +0000, Ben Reeves wrote:
>> I'm not sure. What if they use a coinbase of a block that has already matured?
>
> Indeed; duplicate an old coinbase, fork chain without dupe, and spend the old coinbase.
> The 100-blocks maturity will not help against is.
>
> I'm not sure how you intend to fix DisconnectBlock() to prevent this in a backward-
> compatible way, though.
>
> --
> Pieter
|
