Re: [bitcoindev] A Free-Relay Attack Exploiting RBF Rule #6

public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed

From: Peter Todd <pete@petertodd•org>
To: Antoine Riard <antoine.riard@gmail•com>
Cc: Steve Lee <steven.j.lee@gmail•com>,
	"David A. Harding" <dave@dtrt•org>,
	bitcoindev@googlegroups.com
Subject: Re: [bitcoindev] A Free-Relay Attack Exploiting RBF Rule #6
Date: Thu, 28 Mar 2024 19:16:22 +0000	[thread overview]
Message-ID: <ZgXCBhL2E6UECXVJ@petertodd.org> (raw)
In-Reply-To: <CALZpt+EK26=E6U9OdY+c9LVQnGtb-f5zzKt5RTwBoHpr_SSxcA@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 3215 bytes --]

On Thu, Mar 28, 2024 at 06:34:42PM +0000, Antoine Riard wrote:
> Hi Steve,
> 
> > He literally cites a reference to an example.
> 
> About CVE-2017-12842,  the report of Sergio Demian Lerner available here
> gives more information on the reporting process of the vulnerability:
> https://bitslog.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/
> 
> I'll attract attention on the following words of Sergio himself:
> 
> "and as I said in the first paragraph, the weakness was already known by
> some developers. But I still don't understand (1) why so many people knew
> about it but underestimated it badly, (2) why there was no attempt to fix
> it."

I do not consider CVE-2017-12842 to be serious. Indeed, I'm skeptical that we
should even fix it with a fork. SPV validation is very sketchy, and the amount
of work and money required to trigger CVE-2017-12842 is probably as or more
expensive than simply creating fake blocks.

Sergio's RSK Bridge contract being vulnerable to it just indicates it was a
reckless design.

> I believe in the present "free-relay" bandwidth wasting, letting a minimal
> 2-weeks delay would have been more reasonable. Security list members might
> be in flight travels or at conferences, or under other operational
> constraints and domain experts in the area of transaction-relay might not
> be available to give full-fledged answers. Even if you have private
> contacts of someone, don't rush them to get an answer when it can be
> midnight in their time zones and they're recovering from jet lags.

To be clear, in this particular case I had specific, insider, knowledge that
the relevant people had in fact seen my report and had already decided to
dismiss it. This isn't a typical case where you're emailing some random company
and don't have any contacts. I personally knew prior to publication that the
relevant people had been given a fair chance to comment, had chosen not to, and
I would likely receive no response at all. Which is really annoying as I have
my own deadlines for (paid) things this research was relevant to: much more
useful to me to get the issue published publicly, so I can get actual comments
from people like yourself, and move forward with my work.

I'm not going to say anything further on how I knew this, because I'm not about
to put up people who have been co-operating with me to the risk of harassment
from people like Harding and others; I'm not very popular right now with many
of the Bitcoin Core people working on the mempool code.

Anyway, I think the lesson learned here is it's probably not worth bothering
with a disclosure process at all for this type of issue. It just created a
bunch of distracting political drama when simply publishing this exploit
variation immediately probably would not have.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups•com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/ZgXCBhL2E6UECXVJ%40petertodd.org.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

next prev parent reply	other threads:[~2024-03-28 19:29 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-03-27 17:18 David A. Harding
2024-03-27 18:04 ` Peter Todd
2024-03-27 19:50   ` David A. Harding
2024-03-27 20:30     ` Peter Todd
2024-03-27 22:05       ` Steve Lee
2024-03-28 18:34         ` Antoine Riard
2024-03-28 19:16           ` Peter Todd [this message]
  -- strict thread matches above, loose matches on Subject: below --
2024-03-18 13:21 Peter Todd
2024-03-19 12:37 ` Nagaev Boris
2024-03-19 13:46   ` Peter Todd
2024-03-23  0:29     ` Nagaev Boris
2024-03-26 18:36 ` David A. Harding
2024-03-27  6:27   ` Antoine Riard
2024-03-27 12:54     ` Peter Todd

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZgXCBhL2E6UECXVJ@petertodd.org \
    --to=pete@petertodd$(echo .)org \
    --cc=antoine.riard@gmail$(echo .)com \
    --cc=bitcoindev@googlegroups.com \
    --cc=dave@dtrt$(echo .)org \
    --cc=steven.j.lee@gmail$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox