Fix mempool DoS vulnerability from malleated transactions #8312
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
After more investigation, I've concluded that fixing this for segwit is more complicated than the couple of patches here (I will document the issues more fully in #8279). However, to fix this issue for 0.13.0, we can simply move the We can separately consider the best way to fix these types of issues more generally after branching off for 0.13. |
Moves the IsStandard check to happen after the premature-witness check, so that adding a witness to a transaction can't prevent mempool acceptance. Note that this doesn't address the broader category of potential mempool DoS issues that affect transactions after segwit activation.
Check that pre-segwit activation, unnecessary witnesses won't cause a txid to be permanently rejected.
sdaftuar
force-pushed
the
mempool-malleability
branch
from
99b983d
to
46c9620
Compare
|
Updated with a simple fix for 0.13.0. |
|
Thanks for fixing this problem and adding a test, too |
| @@ -68,7 +69,7 @@ def on_pong(self, conn, message): | |||
|
|
|||
| def on_reject(self, conn, message): | |||
| self.last_reject = message | |||
| #print message | |||
| #print (message) | |||
There was a problem hiding this comment.
It is just a comment. Don't consider it a blocker of anything.
|
Lightly tested ACK 46c9620 |
|
utACK 46c9620 |
laanwj
added a commit
that referenced
this pull request
Jul 14, 2016
46c9620 Test that unnecessary witnesses can't be used for mempool DoS (Suhas Daftuar) bb66a11 Fix DoS vulnerability in mempool acceptance (Suhas Daftuar)
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #8279In addition to the problem highlighted in that issue, there's an additional, related problem in the sigops policy check. Because witness sigops are counted without checking that the witness program matches the commitment in the scriptPubKey being spent, it's possible to change a transaction's witness to cause the sigops policy check to fail, without changing the txid.
Similarly, because the bytes-per-sigop check is affected by the size of the transaction including the witness, it's possible to even remove a witness and cause that sigops check to fail, again without changing the txid.
So this PR does the following:Moves the IsStandard check to happen after checking for premature-witness. (This should prevent the bug reported in Mempool DoS risk in segwit due to malleated transactions #8279 from possibly affecting 0.13.0 nodes, which should never accept witness transactions.)Changes IsStandard to set a bool which will indicate if the transaction could be malleated, so that the caller can act appropriately.Reorders the checks in IsStandard so that the size check is performed last, and sets the could-be-malleated bool if the test fails.Changes the error for sigops failure to always set the could-be-malleated flag.Adds tests to p2p-segwit.py to catch both scenarios.