Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: jgarzik on August 15, 2010, 06:08:49 PM


Title: Strange block 74638
Post by: jgarzik on August 15, 2010, 06:08:49 PM

The "value out" in this block #74638 is quite strange:

Code:
{
    "hash" : "0000000000790ab3f22ec756ad43b6ab569abf0bddeb97c67a6f7b1470a7ec1c",
    "ver" : 1,
    "prev_block" : "0000000000606865e679308edf079991764d88e8122ca9250aef5386962b6e84",
    "mrkl_root" : "618eba14419e13c8d08d38c346da7cd1c7c66fd8831421056ae56d8d80b6ec5e",
    "time" : 1281891957,
    "bits" : 469794830,
    "nonce" : 28192719,
    "n_tx" : 2,
    "tx" : [
        {
            "hash" : "012cd8f8910355da9dd214627a31acfeb61ac66e13560255bfd87d3e9c50e1ca",
            "ver" : 1,
            "vin_sz" : 1,
            "vout_sz" : 1,
            "lock_time" : 0,
            "in" : [
                {
                    "prev_out" : {
                        "hash" : "0000000000000000000000000000000000000000000000000000000000000000",
                        "n" : 4294967295
                    },
                    "coinbase" : "040e80001c028f00"
                }
            ],
            "out" : [
                {
                    "value" : 50.51000000,
                    "scriptPubKey" : "0x4F4BA55D1580F8C3A8A2C78E8B7963837C7EA2BD8654B9D96C51994E6FCF6E65E1CF9A844B044EEA125F26C26DBB1B207E4C3F2A098989DA9BA5BA455E830F7504 OP_CHECKSIG"
                }
            ]
        },
        {
            "hash" : "1d5e512a9723cbef373b970eb52f1e9598ad67e7408077a82fdac194b65333c9",
            "ver" : 1,
            "vin_sz" : 1,
            "vout_sz" : 2,
            "lock_time" : 0,
            "in" : [
                {
                    "prev_out" : {
                        "hash" : "237fe8348fc77ace11049931058abb034c99698c7fe99b1cc022b1365a705d39",
                        "n" : 0
                    },
                    "scriptSig" : "0xA87C02384E1F184B79C6ACF070BEA45D5B6A4739DBFF776A5D8CE11B23532DD05A20029387F6E4E77360692BB624EEC1664A21A42AA8FC16AEB9BD807A4698D0CA8CDB0021024530 0x965D33950A28B84C9C19AB64BAE9410875C537F0EB29D1D21A60DA7BAD2706FBADA7DF5E84F645063715B7D0472ABB9EBFDE5CE7D9A74C7F207929EDAE975D6B04"
                }
            ],
            "out" : [
                {
                    "value" : 92233720368.54277039,
                    "scriptPubKey" : "OP_DUP OP_HASH160 0xB7A73EB128D7EA3D388DB12418302A1CBAD5E890 OP_EQUALVERIFY OP_CHECKSIG"
                },
                {
                    "value" : 92233720368.54277039,
                    "scriptPubKey" : "OP_DUP OP_HASH160 0x151275508C66F89DEC2C5F43B6F9CBE0B5C4722C OP_EQUALVERIFY OP_CHECKSIG"
                }
            ]
        }
    ],
    "mrkl_tree" : [
        "012cd8f8910355da9dd214627a31acfeb61ac66e13560255bfd87d3e9c50e1ca",
        "1d5e512a9723cbef373b970eb52f1e9598ad67e7408077a82fdac194b65333c9",
        "618eba14419e13c8d08d38c346da7cd1c7c66fd8831421056ae56d8d80b6ec5e"
    ]
}

92233720368.54277039 BTC?  Is that UINT64_MAX, I wonder?

Title: Re: Strange block 74638
Post by: lachesis on August 15, 2010, 06:17:35 PM
Quote from: jgarzik on August 15, 2010, 06:08:49 PM
The "value out" in this block #74638 is quite strange:
That is strange. What does the TxIn look like?

Quote from: jgarzik on August 15, 2010, 06:08:49 PM
92233720368.54277039 BTC?  Is that UINT64_MAX, I wonder?
It's 2^63/10^8, so it looks like it's INT64_MAX, not UINT64_MAX

Title: Re: Strange block 74638
Post by: theymos on August 15, 2010, 06:28:56 PM
This could be a serious problem. Bitcoin's printblock also shows it:

Code:
CBlock(hash=0000000000790ab3, ver=1, hashPrevBlock=0000000000606865, hashMerkleR
oot=618eba, nTime=1281891957, nBits=1c00800e, nNonce=28192719, vtx=2)
  CTransaction(hash=012cd8, ver=1, vin.size=1, vout.size=1, nLockTime=0)
    CTxIn(COutPoint(000000, -1), coinbase 040e80001c028f00)
    CTxOut(nValue=50.51000000, scriptPubKey=0x4F4BA55D1580F8C3A8A2C7)
  CTransaction(hash=1d5e51, ver=1, vin.size=1, vout.size=2, nLockTime=0)
    CTxIn(COutPoint(237fe8, 0), scriptSig=0xA87C02384E1F184B79C6AC)
    CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0xB7A7)
    CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0x1512)
  vMerkleTree: 012cd8 1d5e51 618eba

Title: Re: Strange block 74638
Post by: lfm on August 15, 2010, 06:55:34 PM
Quote from: theymos on August 15, 2010, 06:28:56 PM
This could be a serious problem. Bitcoin's printblock also shows it:

Code:
CBlock(hash=0000000000790ab3, ver=1, hashPrevBlock=0000000000606865, hashMerkleR
oot=618eba, nTime=1281891957, nBits=1c00800e, nNonce=28192719, vtx=2)
  CTransaction(hash=012cd8, ver=1, vin.size=1, vout.size=1, nLockTime=0)
    CTxIn(COutPoint(000000, -1), coinbase 040e80001c028f00)
    CTxOut(nValue=50.51000000, scriptPubKey=0x4F4BA55D1580F8C3A8A2C7)
  CTransaction(hash=1d5e51, ver=1, vin.size=1, vout.size=2, nLockTime=0)
    CTxIn(COutPoint(237fe8, 0), scriptSig=0xA87C02384E1F184B79C6AC)
    CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0xB7A7)
    CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0x1512)
  vMerkleTree: 012cd8 1d5e51 618eba


The sum of the two outputs overflows to a negative. Its a bug in the transaction checks which did not reject it, then someone noticed and exploited it. Presumably a new version will be able to reject it and start a new valid fork. meanwhile should probablt shut down whatever you can and by no means make nor accept any transactions.

Title: Re: Strange block 74638
Post by: kencausey on August 15, 2010, 07:30:30 PM
Related thread: http://bitcointalk.org/index.php?topic=823.0

Title: Re: Strange block 74638
Post by: lfm on August 15, 2010, 07:34:18 PM
Im speculating here somewhat but from what I can see someone has generated a transaction, probably using a custom modification of the software to generate a transaction which exploits a weakness in the code. The code check each transaction output for negative numbers individually (up to ver 0.3.8 at least) but forgot to check that the sum of two outputs (where you have the normal output of a transaction and the "change" leftover amount returned to the sender) is negative. So if you put two large but positive values in the transaction the overflow is then only checked that it is less than or equal to the inputs.

Normally the inputs are equal to the outputs of a transaction. The exception is when there is a "fee" charged for the transaction. The net allows anyone to voluntarily pay any amout for a fee. SO when the sum was negative the difference from the input looked like a fee. It slipped thru all the checks. Her is some of the details:
 out Value 1:92233720368.54(7ffffffffff85ee0)
 out Value 2:92233720368.54(7ffffffffff85ee0)

the sum would make -0.01 BTC

generated transaction "reward" including 51 bitcent "fee"
 out Value:50.51(000000012d1024c0)

that implies the input value was 0.50 BTC


Title: Re: Strange block 74638
Post by: aceat64 on August 15, 2010, 07:50:00 PM
For now I have stopped generating on my nodes.

Title: Re: Strange block 74638
Post by: NewLibertyStandard on August 15, 2010, 08:29:32 PM
Let's not keep two different threads open on this subject. Let's move our conversation over to the thread in the dev forum (http://bitcointalk.org/index.php?topic=823.0). Moderators, please lock this thread if you agree.

Title: Re: Strange block 74638
Post by: Insti on August 15, 2010, 08:38:16 PM
Quote from: NewLibertyStandard on August 15, 2010, 08:29:32 PM
Let's not keep two different threads open on this subject. Let's move our conversation over to the thread in the dev forum (http://bitcointalk.org/index.php?topic=823.0). Moderators, please lock this thread if you agree.
This thread currently has more useful information in it.

Title: Re: Strange block 74638
Post by: NewLibertyStandard on August 15, 2010, 08:42:17 PM
Quote from: Insti on August 15, 2010, 08:38:16 PM
Quote from: NewLibertyStandard on August 15, 2010, 08:29:32 PM
Let's not keep two different threads open on this subject. Let's move our conversation over to the thread in the dev forum (http://bitcointalk.org/index.php?topic=823.0). Moderators, please lock this thread if you agree.
This thread currently has more useful information in it.
Both threads have a link to the other, so usefulness of information doesn't matter. I think the other thread is more appropriate which is why I suggested this one be locked. If a moderator thinks this one is more appropriate, then they should lock the other. Of course if the moderators want both threads going at the same time, that's their prerogative. It's just a suggestion and not really a big deal either way.

Title: Re: Strange block 74638
Post by: mizerydearia on August 20, 2010, 12:57:53 AM
Here is some information related to the incident that may be used by anyone else if they would dislike.  If you would like to use it then you may not.

In old/corrupt chain:

Block 74637 has timestamp of 1281891763 (Sun Aug 15 11:34:43 CDT 2010)
Block 74638 had timestamp of 1281891957 (Sun Aug 15 12:05:57 CDT 2010)
Block 74639 had timestamp of 1281892233 (Sun Aug 15 12:10:33 CDT 2010)


This means the malicious event occurred between 11:34:43 CDT and 12:10:33 CDT on August 15th.

http://bitcointalk.org/index.php?topic=822.0
August 15, 2010, 01:08:49 PM CDT

This means the malicious event was discovered up to about 1.5hrs after it occurred.

http://bitcointalk.org/index.php?topic=823.msg9524#msg9524
August 15, 2010, 03:39:42 PM CDT

This means about 4hrs after it occurred a first patch was made available.

http://bitcointalk.org/index.php?topic=823.msg9548#msg9548
August 15, 2010, 04:40:19 PM CDT

This means about just over 5hrs after it occurred a path was pushed to svn by satoshi.

5 hours is much more impressive than "within a day." even though the official release of 0.3.10 didn't occur until the next day. =/

I first posted this as a comment to http://www.bitcoinblogger.com/2010/08/bitcoin-issues-security-update-faster.html

Other threads related to the issue:
http://bitcointalk.org/index.php?topic=823.0
http://bitcointalk.org/index.php?topic=827.0
http://bitcointalk.org/index.php?topic=832.0

Title: Re: Strange block 74638
Post by: FreeMoney on August 20, 2010, 02:04:47 AM
Did we get luck or is there a secret pager number that alerts Satoshi to emergencies :)

Title: Re: Strange block 74638
Post by: mizerydearia on August 20, 2010, 03:02:27 AM
I heard that the patch was available before Satoshi awakened.

Title: Re: Strange block 74638
Post by: FreeMoney on August 20, 2010, 03:41:54 AM
Quote from: mizerydearia on August 20, 2010, 03:02:27 AM
I heard that the patch was available before Satoshi awakened.

Nice. I shouldn't even have assumed he did it. I know there are lots of people here with skills.

Title: Re: Strange block 74638
Post by: sgk on July 23, 2014, 09:07:53 AM
Well... this issue made it to "The 9 Biggest Screwups in Bitcoin History"

http://www.coindesk.com/9-biggest-screwups-bitcoin-history/

Title: Re: Strange block 74638
Post by: Justin00 on July 23, 2014, 09:10:18 AM
Thanks for reporting news from 2010 :)

Title: Re: Strange block 74638
Post by: Justin00 on July 23, 2014, 09:27:20 AM
heh I was being sarcastic at first but that link you provided is actually pretty cool... Thanks :)

Title: Re: Strange block 74638
Post by: sgk on July 23, 2014, 12:14:59 PM
Quote from: Justin00 on July 23, 2014, 09:27:20 AM
heh I was being sarcastic at first but that link you provided is actually pretty cool... Thanks :)

Thank you.

Although the one I'll always remember is the guy who threw the hard drive with 7500 BTC into a dump yard.

Title: Re: Strange block 74638
Post by: BowieMan on July 23, 2014, 12:19:23 PM
Quote from: sgk on July 23, 2014, 09:07:53 AM
Well... this issue made it to "The 9 Biggest Screwups in Bitcoin History"

http://www.coindesk.com/9-biggest-screwups-bitcoin-history/

Wow, do they link the thread? I almost got a heart attack while reading that 'a fork will probably fix it' But the block number is quite low, so I maybe should have noticed my mistake earlier. Good thing most of those quirks are now fixed!

Title: Re: Strange block 74638
Post by: Justin00 on July 23, 2014, 01:19:16 PM
Post #1 from 2010 has several threads on the issue...

Title: Re: Strange block 74638
Post by: Taras on July 24, 2014, 07:51:15 AM
I just looked at this thread before it was super-bumped...

Must be a sign, HL3 confirmed

Title: Re: Strange block 74638
Post by: allyouracid on November 28, 2015, 01:36:50 PM
Hey guys,

first off: I'm very sorry to be a grave digger. But I have this (already solved) incident in my mind since I read about it, which was quite a while after it occurred.

Now, I thought about what would happen if the one who generated that transaction had malicious intents. Let's make a thought play:
Transaction was made and someone - let's call him Bob - now holds more than 184bn BTC in his wallet. Knowing the transaction will be detected soon, Bob is in a hurry.

He moves his coins over to an Altcoin exchange and sells whatever he can for Altcoins, crashing the price of e.g. Litecoin, DASH and what not else.

Now, Bob moves his fraudulently generated DASH, Litecoin etc. to his wallets. He has made one hell of a gain, waiting for things to calm, so he can sell his Altcoins back for Bitcoin.

Meanwhile, the incident was detected and five hours later, a "rollback" - the hardfork - was decided upon and done.

What happens now? The Altcoin exchange has some serious trouble: many, many users now have sold Litecoin and DASH for Bitcoins which don't exist, anymore. As the exchange isn't able to pay (let users withdraw their non existing BTC), but the Altcoins are already withdrawn by Bob, what would happen next?

Would that just be a "shit happens" situation, or would the Altcoins which are affected also be forced to do a hardfork?


Anyone who is interested in continuing this thought is welcome to do so! :)


Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines