Fix crash bug with duplicate inputs within a transaction

[TheBlueMatt]

No description provided.

[laanwj]

tested ACK 9b4a36e

[jamesob]

utACK 9b4a36e

[sdaftuar]

ACK

[MarcoFalke]

utACK 9b4a36e. Checked that the test fails without the fix and passes with the fix.

[ryanofsky]

Slightly tested ACK 9b4a36e, just ran python test with & without fix.

[ryanofsky]

Just noting it looks like this argument can be removed entirely in a future cleanup PR.

Update: Removing the argument was attempted in #14258, but actually turns out not to be a good idea because the optimization will probably be reintroduced in the future (#14258 (comment)).

[gmaxwell]

ACK

[practicalswift]

utACK 9b4a36e

Very nice find @sdaftuar! How did you find this issue?

[luke-jr]

For reference, this issue was assigned CVE-2018-17144

[ftrader]

Could @TheBlueMatt / @sdaftuar outline the responsible disclosure procedures, if any, that were attempted to other projects before publishing these pull requests?

[TheBlueMatt]

The bug was disclosed to other projects simultaneously to it being disclosed to us. We tried to coordinate timelines for release but sadly didn't want to wait much past EST business hours to get people patched so ran out of time.

[zquestz]

Where can I find a detailed description of the impact of this bug? When is the CVE getting published so I can get more clarity on the exact impact? I am seeing all sorts of reports on Twitter and would like to get an accurate assessment of the issue.

[PierreRochard]

Where can I find a detailed description of the impact of this bug? When is the CVE getting published so I can get more clarity on the exact impact? I am seeing all sorts of reports on Twitter and would like to get an accurate assessment of the issue.

Release notes: https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.16.3.md#denial-of-service-vulnerability

More color in today's OpTech newsletter ( https://mailchi.mp/cc96f82565eb/bitcoin-optech-newsletter-13?e=cbe2b70569 ):

Upgrade to Bitcoin Core 0.16.3 to fix denial-of-service vulnerability: a bug introduced in Bitcoin Core 0.14.0 and affecting all subsequent versions through to 0.16.2 will cause Bitcoin Core to crash when attempting to validate a block containing a transaction that attempts to spend the same input twice. Such blocks would be invalid and so can only be created by miners willing to lose the allowed income from having created a block (at least 12.5 XBT or $80,000 USD).

Patches for master and 0.16 branches were submitted for public review yesterday, the 0.16.3 release has been tagged containing the patch, and binaries will be available for download as soon as a sufficient number of well-known contributors have reproduced the deterministic build—probably later today (Tuesday). Immediate upgrade is highly recommended.

[deadalnix]

We tried to coordinate timelines for release [...]

Tell us more about this.

[sickpig]

We tried to coordinate timelines for release but sadly didn't want to wait much past EST business hours to get people patched so ran out of time.

I was among the people who received the anonymous report, even though BU was not affected, and I'm not aware of any kind of effort to "coordinate timelines".

As far as I can tell the list of people to which the bug was disclosed was not exhaustive, not by a long shot, so make sure to have a proper way to tell projects/devs that their code is at risk is a must IMHO.

It would be great to know what were the actions taken to put in places the aforementioned coordination process. The aim is to improve the process in case of new disclosures that could happen in the future.

[Sjors]

Post merge slightly tested 9b4a36e, ran python test without fix which produced the assert.

[biblepay]

Thanks.

[practicalswift]

I would like to thank the researcher who invested time into finding this issue. Impressive finding! Thanks!

[isghe]

Is this bug reproducible in regtest or testnet? Thanks

[Sjors]

@isghe the bug is reproducible on regtest using the Python test from this PR. You need to change CheckTransaction(*tx, state, true) back to CheckTransaction(*tx, state, false) and then run test/functional/p2p_invalid_block.py. The test contains the kind of invalid block that can crash an (unpatched) node. You'll see a crash caused by an assert.

CVE-2018-17144 Full Disclosure, which includes the inflation bug not mentioned above: https://bitcoincore.org/en/2018/09/20/notice/

I assume we'll add a test case for the inflation bug once the dust has settled?

[promag]

I assume we'll add a test case for the inflation bug once the dust has settled?

@gmaxwell already suggested it, also agree.

[ftrader]

The discoverer of CVE-2018-17144 has come forward (for those wishing to express their gratitude, there is an included donation address in the post):

https://medium.com/@awemany/600-microseconds-b70f87b0b2a6

[isghe]

It looks they created with success 0.1 tBTC from nothing, exploiting this bug in testnet3 block 1414411, hash 00000000eba3f43a8624750f39e4520a1678c0dbdf8707bfa4854a12fbf086c5