tx_memory_pool: make double spends a no-drop offense #9218

Merged
merged 1 commit into from Mar 8, 2024


jeffro256
Contributor

Nodes who see different txs in a double spend attack will drop each other, splitting the network. Issue found by @Boog900.

@UkoeHB
Contributor

UkoeHB commented Mar 7, 2024

Doesn't this change make it easier to do large-scale double-spend attacks, because now nodes that originate double-spend attacks will stay connected (and hence have higher throughput)?

@SChernykh
Contributor

SChernykh commented Mar 7, 2024

Nodes that originate double spends don't get disconnected even with the old code because their "neighbours" haven't seen the other transaction as well.

The only nodes that suffer from disconnects are the ones where both "tx wavefronts" meet, and those are not the attacker's nodes in 99% of cases.

@jeffro256
Contributor Author

Let's say that we have 10 nodes with connections:

A <-> B <-> C <-> D <-> E <-> F <-> G <-> H <-> I <-> J

The attacker can start propagating tx T1 at node A and double-spend tx T2 at node J. The flow of txs over time could look like this:

T1                                                    T2
A <-> B <-> C <-> D <-> E <-> F <-> G <-> H <-> I <-> J
---------------------------------------------------------------
T1    T1                                        T2    T2
A <-> B <-> C <-> D <-> E <-> F <-> G <-> H <-> I <-> J
---------------------------------------------------------------
T1    T1    T1                            T2    T2    T2
A <-> B <-> C <-> D <-> E <-> F <-> G <-> H <-> I <-> J
---------------------------------------------------------------
T1    T1    T1    T1                T2    T2    T2    T2
A <-> B <-> C <-> D <-> E <-> F <-> G <-> H <-> I <-> J
---------------------------------------------------------------
T1    T1    T1    T1    T1    T2    T2    T2    T2    T2
A <-> B <-> C <-> D <-> E <-> F <-> G <-> H <-> I <-> J
---------------------------------------------------------------

At this point E and F will drop each other, despite not being close to the origin of the double spend, and we have 2 split networks. In the real world, relationships are much more complicated, so it won't be this easy, but the point remains.

@jeffro256
Contributor Author

We could implement a long term mitigation against spamming double spends by keeping a map of key images -> txid per host and checking if 1 host sent 2 different txs that share 1 key image. Then we could block them.
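
An added sketch of the per-host check proposed in the comment above, run against the E/F meeting point from the line-topology example; it is not code from this PR or from the Monero code base. The class name, the string-typed key images and txids, and the host labels are assumptions made for illustration.

```cpp
#include <map>
#include <string>
#include <vector>

// Hypothetical stand-ins: real key images and txids are 32-byte values.
using KeyImage = std::string;
using TxId = std::string;
using Host = std::string;

enum class Verdict { Ok, DoubleSpendFromSameHost };

// Unbounded for brevity; the thread does not specify an eviction policy.
class PerHostKeyImageTracker {
public:
    // Record a tx received from `host`. Flag only when this same host
    // earlier sent a different tx spending one of the same key images.
    Verdict on_tx(const Host& host, const TxId& txid,
                  const std::vector<KeyImage>& key_images) {
        auto& seen = seen_[host];
        Verdict v = Verdict::Ok;
        for (const auto& ki : key_images) {
            auto it = seen.find(ki);
            if (it == seen.end())
                seen.emplace(ki, txid);   // first tx from this host for ki
            else if (it->second != txid)
                v = Verdict::DoubleSpendFromSameHost;
        }
        return v;
    }
private:
    std::map<Host, std::map<KeyImage, TxId>> seen_;
};

// Constructed scenario, seen from node E: D relays T1 and F relays T2,
// both spending key image "ki1". Neither peer sent both txs.
bool relay_conflict_is_not_flagged() {
    PerHostKeyImageTracker t;
    return t.on_tx("D", "T1", {"ki1"}) == Verdict::Ok &&
           t.on_tx("F", "T2", {"ki1"}) == Verdict::Ok;
}

// Constructed scenario: one host "X" sends T1, re-sends T1, then sends T2.
bool same_host_conflict_is_flagged() {
    PerHostKeyImageTracker t;
    return t.on_tx("X", "T1", {"ki1"}) == Verdict::Ok &&
           t.on_tx("X", "T1", {"ki1"}) == Verdict::Ok &&
           t.on_tx("X", "T2", {"ki1", "ki2"}) == Verdict::DoubleSpendFromSameHost;
}
```

Because the map is keyed by host, a peer that merely relays the conflicting tx it happened to see first is never flagged, which is the property the no-drop change is after.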

@luigi1111 luigi1111 merged commit c23951f into monero-project:master Mar 8, 2024
18 checks passed