Title: "CVE-2021-31876 Defect in Bitcoin Core's bip125 logic" Post by: Westingcote on July 25, 2021, 01:24:38 PM I have been reading some of the vulnerabilities that Bitcoin core has had recently and I do not understand the bullet point below
Quote Explicit signaling: A transaction is considered to have opted in to allowing replacement of itself if any of its inputs have an nSequence number less than (0xffffffff - 1). Quote An unconfirmed child transaction with nSequence = 0xff_ff_ff_ff spending an https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.htmlunconfirmed parent with nSequence <= 0xff_ff_ff_fd should be replaceable as the child transaction signals "through inheritance". However, the replacement code as implemented in Core's `PreChecks()` shows that this behavior isn't enforced and Core's mempool rejects replacement attempts of an unconfirmed child transaction. Can anyone explain to me what this means and how this effects the client and how critical this vulnerability is? Title: Re: "CVE-2021-31876 Defect in Bitcoin Core's bip125 logic" Post by: ranochigo on July 25, 2021, 01:45:09 PM In the excerpt, the child transaction does not signal opt-in RBF (nSequence of 0xff_ff_ff_ff) while the parent transaction signals opt-in RBF (nSequence of 0xff_ff_ff_fd). By the virtue of the parent transaction being replaceable, the child transaction should also be replaceable.
This means that without your child transaction also signalling opt-in RBF, reference client do not consider inheritance signalling and thus you cannot execute an RBF with that child transaction. You can see how it affects the various clients in that email as well. It isn't really a "critical" vulnerability in Bitcoin Core, it is just a policy that was defined in BIP125 but never actually enforced. It can be problematic for the applications outlined in that email. Inherited signaling: Transactions that don't explicitly signal replaceability are replaceable under this policy for as long as any one of their ancestors signals replaceability and remains unconfirmed. Just to add. For normal transactions, most users in general either wait for a single confirmation before accepting a transaction. Even if they don't, then there isn't a problem because the vulnerability doesn't allow non-replaceable transactions to be replaced. PR has been merged in the main branch, so should be included in the next release. Title: Re: "CVE-2021-31876 Defect in Bitcoin Core's bip125 logic" Post by: NeuroticFish on July 25, 2021, 01:53:12 PM Can anyone explain to me what this means and how this effects the client and how critical this vulnerability is? The money is safe. This only affects certain RBF transactions, which most people most probably don't do. From what I understand a transaction marked as replaceable may not always actually be replaceable (in the client) although it should be. Title: Re: "CVE-2021-31876 Defect in Bitcoin Core's bip125 logic" Post by: pooya87 on July 26, 2021, 03:08:26 AM Since BIP125 is not a consensus rule and it doesn't affect anything in bitcoin protocol at all, we can't consider this a Bitcoin vulnerability. As you can see from the list of issues, they are affecting other protocols such as certain contracts in lightning network.
|