Title: Duplicate transaction exploit? Post by: theymos on April 14, 2011, 06:58:10 PM Take a look at this block on testnet:
http://blockexplorer.com/testnet/block/000000000a055d58b55d9e2c4914480cdeba5f66d0fb285ad2d1510e4e1d607f It's full of duplicate transactions, and the generator then collects fees (again) on these duplicates. Hopefully I'm processing this wrong, or there is a very serious bug in Bitcoin... Title: Re: Duplicate transaction exploit? Post by: Raulo on April 14, 2011, 07:07:10 PM Something funny but much less sinister happened. The chain split and the longer chain prevailed. Then the transactions from the orphaned chain were included again. The 13368 block in the current chain no longer have these transactions:
Code: getblockbycount 13368 The blockexplorer must have missed the chain split. Title: Re: Duplicate transaction exploit? Post by: theymos on April 14, 2011, 07:25:52 PM Thanks. That was the cause. I fixed the block.
Now I have to figure out how a reorg was missed... Title: Re: Duplicate transaction exploit? Post by: caveden on April 14, 2011, 08:43:58 PM I didn't follow... how did the block reorganization created a block with double-spending?
Title: Re: Duplicate transaction exploit? Post by: Steve on April 15, 2011, 02:03:50 AM I didn't follow... how did the block reorganization created a block with double-spending? If I understand correctly, there was no block created with any double spending...there was a split in the block chain and there were actually two concurrent blocks (both having the same parent) that had a number of the same transactions in them. The split corrected itself as it is designed to do, but blockexplorer was showing both of the blocks (probably a bug in blockexplorer, not bitcoin). Title: Re: Duplicate transaction exploit? Post by: theymos on April 15, 2011, 02:45:05 AM Yeah, it was a problem with Bitcoin Block Explorer. Some blocks were not updated after a very large chain split (~8 blocks), which made the block chain wrong.
The large split was detected: Code: Tue, 12 Apr 2011 07:04:07 +0000 BBE should have then turned itself off to prevent further damage. However, I haven't yet set up a system where only testnet can turn off, and previously testnet would take down mainnet, so I made testnet incapable of turning itself off. So it kept updating: Code: Tue, 12 Apr 2011 07:06:07 +0000 A few blocks before 13371 were then wrong, but the later blocks were still being updated. This resulted in a block containing transactions that had previously appeared in the now-orphan blocks. These appeared to be duplicates to BBE, but they actually weren't. The massive fee amount made me think it was a real exploit rather than just a BBE processing error, and this was corroborated by my analysis of BBE rawblock data, which was obviously also wrong. Testnet now looks back 10 blocks, which should make this more rare. I've also been planning a more elegant update control system that will allow testnet to turn itself off without taking down mainnet. Title: Re: Duplicate transaction exploit? Post by: bitcoinex on April 15, 2011, 04:38:32 PM Incident like that will cause a transactional fee? As described in this topic (https://www.bitcoin.org/smf/index.php?topic=5827.0).
|