1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
|
Return-Path: <loki@cybriq.systems>
Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136])
by lists.linuxfoundation.org (Postfix) with ESMTP id DD81CC002D
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 11 Oct 2022 05:42:56 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp3.osuosl.org (Postfix) with ESMTP id 1715F6079E
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 11 Oct 2022 05:42:56 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 1715F6079E
Authentication-Results: smtp3.osuosl.org; dkim=pass (2048-bit key,
unprotected) header.d=cybriq.systems header.i=@cybriq.systems
header.a=rsa-sha256 header.s=protonmail2 header.b=ddAWxKtH
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level:
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001,
RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
autolearn=ham autolearn_force=no
Received: from smtp3.osuosl.org ([127.0.0.1])
by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id A240cUq9tusz
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 11 Oct 2022 05:42:54 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 0B3BC60675
Received: from mail-4317.proton.ch (mail-4317.proton.ch [185.70.43.17])
by smtp3.osuosl.org (Postfix) with ESMTPS id 0B3BC60675
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 11 Oct 2022 05:42:53 +0000 (UTC)
Date: Tue, 11 Oct 2022 05:42:40 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cybriq.systems;
s=protonmail2; t=1665466971; x=1665726171;
bh=XhCYz0KcZZosQppod5jU0dENly9RNCj0gDeC0J2wCec=;
h=Date:To:From:Subject:Message-ID:In-Reply-To:References:
Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID:
Message-ID;
b=ddAWxKtHWRmcUs7u1jdWi4woruy6AztRrawgtoSOgjVGnNkAVIr17XR7nJAbqr3xw
NTlM5nHnfaIOMnG5zMwzDeaKtRWAsDP9z8lQ7bq4pGjS6sVjGVpNsSio+p1UC9Luuo
aAnxzRcvpiNNREhJS9gii44BoEp5eg+JofIJFiFsC1C8x5nOeqAYwNOAFYxLdq6QYk
tWkQEYun/O5UUfHSwJnt+8Qq98EtUQjmuBA9CBIMkuhdCRrF5spB9LUUM5h+foGPeW
TK5/4CobUd/RIW2LGhWb9w791qN8AtNcq/hgO4XsGyuDqhbYWoaYh9yQYwDAZJht++
XAXCPZ7VygNUw==
To: "bitcoin-dev@lists.linuxfoundation.org"
<bitcoin-dev@lists.linuxfoundation.org>
From: Loki Verloren <loki@cybriq.systems>
Message-ID: <Z9_T0sYBHcJS5M21tyvXa6vAhC1YamBRXzTCll31M4peuHdbo25v4rnycfTbZOgNgmxA4rzTGLuU4lxT9o6tft90N_7-pfAgiY8_2BAX4w8=@cybriq.systems>
In-Reply-To: <6by5pfnBrFYUmFpOtTRyZ0YIxJaKyaJ1tqW3s26_ZHeGZIJssZY0kLvmYqXtoXRK-mMoMbDY-dmKw_mlCUCDYlzolM25ZvkLpr6pvh8t2LY=@cybriq.systems>
References: <6by5pfnBrFYUmFpOtTRyZ0YIxJaKyaJ1tqW3s26_ZHeGZIJssZY0kLvmYqXtoXRK-mMoMbDY-dmKw_mlCUCDYlzolM25ZvkLpr6pvh8t2LY=@cybriq.systems>
Feedback-ID: 37720796:user:proton
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature";
micalg=pgp-sha512;
boundary="------975fcf603e7e44ec27d75cd3bcf44d82b409a91732798b36041ba62c5a6628d1";
charset=utf-8
X-Mailman-Approved-At: Tue, 11 Oct 2022 10:21:57 +0000
Subject: [bitcoin-dev] Minor DoS vulnerability in BIP144 lack of tx witness
data size limit
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Oct 2022 05:42:57 -0000
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------975fcf603e7e44ec27d75cd3bcf44d82b409a91732798b36041ba62c5a6628d1
Content-Type: multipart/mixed;boundary=---------------------993fbe9a61e8980bb5fd9c0a9c478397
-----------------------993fbe9a61e8980bb5fd9c0a9c478397
Content-Type: multipart/alternative;boundary=---------------------4a14b9522bf1f009147f722ad665da02
-----------------------4a14b9522bf1f009147f722ad665da02
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;charset=utf-8
The recent 998 of 999 multisig segwit transaction highlights a problem wit=
h BIP144. As the solution applied for btcd shows, effectively a single tra=
nsaction witness can be the same as the maximum block size.
11000 bytes may not be so unreasonable but now there is a special case wit=
h a block over 33k worth of witness data.
A concrete limit should be set on the maximum size of a transaction witnes=
s, and this should be discussed in a more general sense about total transa=
ction sizes.
In the absence of a specification, it becomes impossible to properly imple=
ment and the status quo devolves to the actual implementation in the bitco=
in core repository code.
I think the weight calculation should escalate exponentially to discourage=
putting transactions like this on the chain. The price was equivalent to =
about $5 to do this.
-----------------------4a14b9522bf1f009147f722ad665da02
Content-Type: multipart/related;boundary=---------------------8a058f899feae8ffbe8c88e771daca84
-----------------------8a058f899feae8ffbe8c88e771daca84
Content-Type: text/html;charset=utf-8
Content-Transfer-Encoding: base64
PGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IEFyaWFsOyBmb250LXNpemU6IDE0cHg7Ij48YnI+PC9k
aXY+PGRpdiBjbGFzcz0icHJvdG9ubWFpbF9xdW90ZSI+CiAgICAgICAgCiAgICAgICAgICAgIDxk
aXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBBcmlhbDsgZm9udC1zaXplOiAxNHB4OyI+PHNwYW4+VGhl
IHJlY2VudCA5OTggb2YgOTk5IG11bHRpc2lnIHNlZ3dpdCB0cmFuc2FjdGlvbiBoaWdobGlnaHRz
IGEgcHJvYmxlbSB3aXRoIEJJUDE0NC4gQXMgdGhlIHNvbHV0aW9uIGFwcGxpZWQgZm9yIGJ0Y2Qg
c2hvd3MsIGVmZmVjdGl2ZWx5IGEgc2luZ2xlIHRyYW5zYWN0aW9uIHdpdG5lc3MgY2FuIGJlIHRo
ZSBzYW1lIGFzIHRoZSBtYXhpbXVtIGJsb2NrIHNpemUuPC9zcGFuPjxkaXY+PGJyPjwvZGl2Pjxk
aXY+PHNwYW4+MTEwMDAgYnl0ZXMgbWF5IG5vdCBiZSBzbyB1bnJlYXNvbmFibGUgYnV0IG5vdyB0
aGVyZSBpcyBhIHNwZWNpYWwgY2FzZSB3aXRoIGEgYmxvY2sgb3ZlciAzM2sgd29ydGggb2Ygd2l0
bmVzcyBkYXRhLjwvc3Bhbj48L2Rpdj48ZGl2Pjxicj48L2Rpdj48ZGl2PjxzcGFuPkEgY29uY3Jl
dGUgbGltaXQgc2hvdWxkIGJlIHNldCBvbiB0aGUgbWF4aW11bSBzaXplIG9mIGEgdHJhbnNhY3Rp
b24gd2l0bmVzcywgYW5kIHRoaXMgc2hvdWxkIGJlIGRpc2N1c3NlZCBpbiBhIG1vcmUgZ2VuZXJh
bCBzZW5zZSBhYm91dCB0b3RhbCB0cmFuc2FjdGlvbiBzaXplcy48L3NwYW4+PC9kaXY+PGRpdj48
YnI+PC9kaXY+PGRpdj48c3Bhbj5JbiB0aGUgYWJzZW5jZSBvZiBhIHNwZWNpZmljYXRpb24sIGl0
IGJlY29tZXMgaW1wb3NzaWJsZSB0byBwcm9wZXJseSBpbXBsZW1lbnQgYW5kIHRoZSBzdGF0dXMg
cXVvIGRldm9sdmVzIHRvIHRoZSBhY3R1YWwgaW1wbGVtZW50YXRpb24gaW4gdGhlIGJpdGNvaW4g
Y29yZSByZXBvc2l0b3J5IGNvZGUuPC9zcGFuPjwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+SSB0
aGluayB0aGUgd2VpZ2h0IGNhbGN1bGF0aW9uIHNob3VsZCBlc2NhbGF0ZSBleHBvbmVudGlhbGx5
IHRvIGRpc2NvdXJhZ2UgcHV0dGluZyB0cmFuc2FjdGlvbnMgbGlrZSB0aGlzIG9uIHRoZSBjaGFp
bi4gVGhlIHByaWNlIHdhcyBlcXVpdmFsZW50IHRvIGFib3V0ICQ1IHRvIGRvIHRoaXMuPC9kaXY+
PC9kaXY+PGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IEFyaWFsOyBmb250LXNpemU6IDE0cHg7IiBj
bGFzcz0icHJvdG9ubWFpbF9zaWduYXR1cmVfYmxvY2siPgo8L2Rpdj4KCiAgICAgICAgPGJyPgog
ICAgPC9kaXY+
-----------------------8a058f899feae8ffbe8c88e771daca84--
-----------------------4a14b9522bf1f009147f722ad665da02--
-----------------------993fbe9a61e8980bb5fd9c0a9c478397
Content-Type: application/pgp-keys; filename="publickey - loki@cybriq.systems - 0x7BC3C653.asc"; name="publickey - loki@cybriq.systems - 0x7BC3C653.asc"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="publickey - loki@cybriq.systems - 0x7BC3C653.asc"; name="publickey - loki@cybriq.systems - 0x7BC3C653.asc"
LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgp4ak1FWVI2cnBCWUpLd1lCQkFI
YVJ3OEJBUWRBQVgvMXBvZDk5UTdnQjVoUHhpUzRoWnpHN1VWWlp2NVAKSHNYdUdZOWhuUS9OS1d4
dmEybEFZM2xpY21seExuTjVjM1JsYlhNZ1BHeHZhMmxBWTNsaWNtbHhMbk41CmMzUmxiWE0rd284
RUVCWUtBQ0FGQW1FZXJaWUdDd2tIQ0FNQ0JCVUlDZ0lFRmdJQkFBSVpBUUliQXdJZQpBUUFoQ1JC
eERFTHFoUkFGRVJZaEJIdkR4bFA4U0UxSm1uMU5FbkVNUXVxRkVBVVJpNWdBLzBOUWRxU0QKTDJ4
cFg0SHNpQkVvMWNkNmJTTCsyK2xLeXk3L1JlSjY5Q2VmQVFDSWY1TlQ4TjIzcVdNWjNOUDU1TC94
CkpsMmw1VzFpZWhmd2l1ZC94cXVmQWM0NEJHRWVxNlFTQ2lzR0FRUUJsMVVCQlFFQkIwRFBaTlBB
SDYwWgovNHNiclNaZ2lFbEU1c1V0bTdGcE9WZ2FhamVZUWdmcmJBTUJDQWZDZUFRWUZnZ0FDUVVD
WVI2dGxnSWIKREFBaENSQnhERUxxaFJBRkVSWWhCSHZEeGxQOFNFMUptbjFORW5FTVF1cUZFQVVS
UUZjQkFNVU5GbEpMCjErb2NrZGZKQTNreGdCZjdyUzgrT0JDSXVSaG1uYi9RRzdJU0FRRDFGQVow
aFhSSnV5UHR4QkMyZkY2TgpYTTd4RUVOaGZSUnNuYmludHlPSEF3PT0KPTNoOGoKLS0tLS1FTkQg
UEdQIFBVQkxJQyBLRVkgQkxPQ0stLS0tLQo=
-----------------------993fbe9a61e8980bb5fd9c0a9c478397--
--------975fcf603e7e44ec27d75cd3bcf44d82b409a91732798b36041ba62c5a6628d1
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: ProtonMail
wnUEARYKAAYFAmNFAjYAIQkQcQxC6oUQBREWIQR7w8ZT/EhNSZp9TRJxDELq
hRAFEVCQAQDyXmkne8nPVG0FaGEJ7yVjEVcZRtMOAjPiGkTNqi71YQD/c07h
tpQJdXOnuc3ByypXbQVAvndP8D7EWjOMmihg6w8=
=6tW3
-----END PGP SIGNATURE-----
--------975fcf603e7e44ec27d75cd3bcf44d82b409a91732798b36041ba62c5a6628d1--
|