"CVE-2021-31876 Defect in Bitcoin Core's bip125 logic"

[Westingcote]

I have been reading some of the vulnerabilities that Bitcoin core has had recently and I do not understand the bullet point below

Explicit signaling: A transaction is considered to have opted in to
allowing replacement of itself if any of its inputs have an nSequence
number less than (0xffffffff - 1).

An unconfirmed child transaction with nSequence = 0xff_ff_ff_ff spending an
unconfirmed parent with nSequence <= 0xff_ff_ff_fd should be replaceable as
the child transaction signals "through inheritance". However, the
replacement code as implemented in Core's `PreChecks()` shows that this
behavior isn't  enforced and Core's mempool rejects replacement attempts of
an unconfirmed child transaction.

https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html

Can anyone explain to me what this means and how this effects the client and how critical this vulnerability is?

[ranochigo]

In the excerpt, the child transaction does not signal opt-in RBF (nSequence of 0xff_ff_ff_ff) while the parent transaction signals opt-in RBF (nSequence of 0xff_ff_ff_fd). By the virtue of the parent transaction being replaceable, the child transaction should also be replaceable.

This means that without your child transaction also signalling opt-in RBF, reference client do not consider inheritance signalling and thus you cannot execute an RBF with that child transaction. You can see how it affects the various clients in that email as well. It isn't really a "critical" vulnerability in Bitcoin Core, it is just a policy that was defined in BIP125 but never actually enforced. It can be problematic for the applications outlined in that email.

Inherited signaling: Transactions that don't explicitly signal replaceability are replaceable under this policy for as long as any one of their ancestors signals replaceability and remains unconfirmed.

Just to add. For normal transactions, most users in general either wait for a single confirmation before accepting a transaction. Even if they don't, then there isn't a problem because the vulnerability doesn't allow non-replaceable transactions to be replaced. PR has been merged in the main branch, so should be included in the next release.

[NeuroticFish]

Can anyone explain to me what this means and how this effects the client and how critical this vulnerability is?

The money is safe.

This only affects certain RBF transactions, which most people most probably don't do. From what I understand a transaction marked as replaceable may not always actually be replaceable (in the client) although it should be.

[pooya87]

Since BIP125 is not a consensus rule and it doesn't affect anything in bitcoin protocol at all, we can't consider this a Bitcoin vulnerability. As you can see from the list of issues, they are affecting other protocols such as certain contracts in lightning network.