Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Network-wide DoS using malleable signatures in alerts #101

Open
pennybreak opened this issue Apr 6, 2014 · 0 comments
Open

Network-wide DoS using malleable signatures in alerts #101

pennybreak opened this issue Apr 6, 2014 · 0 comments

Comments

@pennybreak
Copy link

It is my understanding that this has not been addressed in Peercoin or Peershares.

Overview
Bitcoin protocol has an alert system to spread important news regarding the digital currency. Alerts are signed with a private ECDA key, so only the development team can issue new alerts. Nevertheless, prior version 0.7.0, alerts were identified by the hash of the message, which includes the signature. Bitcoin accepts BED-encoded signatures, which are malleable. An attacker build new signatures at a high rate by changing the signature of an alert still in circulation and therefore increasing dramatically the number of valid alerts spreading across the network. This leads to halting all Bitcoin nodes in the network by RAM exhaustion in approximately 4 hours. The attack is persistent, since if a nodes restarted get flooded again by online peers.

References
CVE-2012-4684
Announcement
sigmike pushed a commit to sigmike/peercoin that referenced this issue Oct 25, 2014
@brossi
Merge pull request Peershares#101 from glv2/orphans
850bf0a 
Menu entry in transaction view allowing to clear orphan minted/mined blocks.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@pennybreak