Title: Question about doublespend Post by: kzv on November 28, 2018, 10:18:16 AM Hi
I have look at this code https://github.com/bitcoin/bitcoin/blob/master/src/consensus/tx_verify.cpp#L183 So my question: if bad miner will include into his block a transaction with duplicate inputs then bitcoin nodes will not check this and the block will valid? Title: Re: Question about doublespend Post by: HeRetiK on November 28, 2018, 10:37:16 AM Hi I have look at this code https://github.com/bitcoin/bitcoin/blob/master/src/consensus/tx_verify.cpp#L183 So my question: if bad miner will include into his block a transaction with duplicate inputs then bitcoin nodes will not check this and the block will valid? No. A block that includes a double-spend is invalid and as such will be discarded by the other nodes. (both mining and non-mining nodes) Edit: If I recall correctly a misusage of this function is what caused vulnerability CVE-2018–17144, which would have potentially allowed for double-spend attacks the way you described. Title: Re: Question about doublespend Post by: kzv on November 28, 2018, 10:52:00 AM Hi I have look at this code https://github.com/bitcoin/bitcoin/blob/master/src/consensus/tx_verify.cpp#L183 So my question: if bad miner will include into his block a transaction with duplicate inputs then bitcoin nodes will not check this and the block will valid? No. A block that includes a double-spend is invalid and as such will be discarded by the other nodes. (both mining and non-mining nodes) Edit: If I recall correctly a misusage of this function is what caused vulnerability CVE-2018–17144, which would have potentially allowed for double-spend attacks the way you described. Thank you. Title: Re: Question about doublespend Post by: HeRetiK on November 28, 2018, 10:57:09 AM Hi I have look at this code https://github.com/bitcoin/bitcoin/blob/master/src/consensus/tx_verify.cpp#L183 So my question: if bad miner will include into his block a transaction with duplicate inputs then bitcoin nodes will not check this and the block will valid? No. A block that includes a double-spend is invalid and as such will be discarded by the other nodes. (both mining and non-mining nodes) Edit: If I recall correctly a misusage of this function is what caused vulnerability CVE-2018–17144, which would have potentially allowed for double-spend attacks the way you described. Thank you. You're welcome. I did a little digging and if I'm not mistaken this was the commit that fixed it: https://github.com/bitcoin/bitcoin/commit/4b8a3f5d235f40be8102506ab26caad005cc40d6 I'm not sure why they didn't remove the comment about skipping this check in CheckBlock() though. |