My replace-by-fee patch is now available for the Bitcoin Core v0.10.2
release:

    https://github.com/petertodd/bitcoin/tree/replace-by-fee-v0.10.2

This release fixes a serious DoS attack present in previous releases.
Upgrading is strongly recommended for relay nodes, and mandatory for
miners. Users of Luke-Jr's gentoo distribution should either disable RBF
until a patch is released, or run their node behind a patched node.

Previously replacements that spent outputs the transactions they
conflicted with would be accepted. This would lead to orphaned
transactions in the mempool, a potential bandwidth DoS attack for relay
nodes, and even worse, on mining nodes would cause Bitcoin to crash when
CreateNewBlock() was called.

Thanks goes to to Suhas Daftuar for finding this issue.


Additionally, while investigating this issue I found that
Andresen/Harding's relay doublespends patch¹, included in Bitcoin XT²,
also fails to verify that doublespends don't spend outputs of the
transactions they conflict with. As the transactions aren't accepted to
the mempool the issue is simply a variant of the bandwidth DoS attack
that's a well-known issue of Bitcoin XT. However, interestingly in
testing I found that Schildbach's Android Bitcoin Wallet³ fails to
detect this case, and displays the transaction as a valid unconfirmed
transaction, potentially leading to the user being defrauded with a
doublespend.  While a well-known issue in general - Schildbach's
implementation trusts peers to only send it valid transactions and
doesn't even detect doublespends it receives from peers - it's
interesting how in this case the attacker doesn't need to also do a
sybil attack.

1) https://github.com/bitcoin/bitcoin/pull/3883
2) https://github.com/bitcoinxt/bitcoinxt
3) https://play.google.com/store/apps/details?id=de.schildbach.wallet

-- 
'peter'[:-1]@petertodd.org
0000000000000000026ca21b4a83e1a818be96db4b532b7e9be2f60d47efff0a