Bitcoin Forum
December 15, 2024, 04:11:36 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: "CVE-2021-31876 Defect in Bitcoin Core's bip125 logic"  (Read 107 times)
Westingcote (OP)
Member
**
Offline Offline

Activity: 110
Merit: 131


View Profile
July 25, 2021, 01:24:38 PM
Last edit: July 25, 2021, 01:43:45 PM by Westingcote
Merited by Welsh (4), ABCbits (2)
 #1

I have been reading some of the vulnerabilities that Bitcoin core has had recently and I do not understand the bullet point below

Quote
Explicit signaling: A transaction is considered to have opted in to
allowing replacement of itself if any of its inputs have an nSequence
number less than (0xffffffff - 1).
Quote
An unconfirmed child transaction with nSequence = 0xff_ff_ff_ff spending an
unconfirmed parent with nSequence <= 0xff_ff_ff_fd should be replaceable as
the child transaction signals "through inheritance". However, the
replacement code as implemented in Core's `PreChecks()` shows that this
behavior isn't  enforced and Core's mempool rejects replacement attempts of
an unconfirmed child transaction.
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html

Can anyone explain to me what this means and how this effects the client and how critical this vulnerability is?
ranochigo
Legendary
*
Offline Offline

Activity: 3052
Merit: 4444


Crypto Swap Exchange


View Profile
July 25, 2021, 01:45:09 PM
Last edit: July 25, 2021, 02:58:26 PM by ranochigo
Merited by Welsh (6), ABCbits (4), Westingcote (3), pooya87 (2), NotATether (2)
 #2

In the excerpt, the child transaction does not signal opt-in RBF (nSequence of 0xff_ff_ff_ff) while the parent transaction signals opt-in RBF (nSequence of 0xff_ff_ff_fd). By the virtue of the parent transaction being replaceable, the child transaction should also be replaceable.

This means that without your child transaction also signalling opt-in RBF, reference client do not consider inheritance signalling and thus you cannot execute an RBF with that child transaction. You can see how it affects the various clients in that email as well. It isn't really a "critical" vulnerability in Bitcoin Core, it is just a policy that was defined in BIP125 but never actually enforced. It can be problematic for the applications outlined in that email.

Inherited signaling: Transactions that don't explicitly signal replaceability are replaceable under this policy for as long as any one of their ancestors signals replaceability and remains unconfirmed.


Just to add. For normal transactions, most users in general either wait for a single confirmation before accepting a transaction. Even if they don't, then there isn't a problem because the vulnerability doesn't allow non-replaceable transactions to be replaced. PR has been merged in the main branch, so should be included in the next release.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
NeuroticFish
Legendary
*
Offline Offline

Activity: 3892
Merit: 6627


Looking for campaign manager? Contact icopress!


View Profile
July 25, 2021, 01:53:12 PM
Merited by Welsh (2)
 #3

Can anyone explain to me what this means and how this effects the client and how critical this vulnerability is?

The money is safe.

This only affects certain RBF transactions, which most people most probably don't do. From what I understand a transaction marked as replaceable may not always actually be replaceable (in the client) although it should be.

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
pooya87
Legendary
*
Offline Offline

Activity: 3668
Merit: 11107


Crypto Swap Exchange


View Profile
July 26, 2021, 03:08:26 AM
Merited by gmaxwell (5)
 #4

Since BIP125 is not a consensus rule and it doesn't affect anything in bitcoin protocol at all, we can't consider this a Bitcoin vulnerability. As you can see from the list of issues, they are affecting other protocols such as certain contracts in lightning network.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!