Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1S2QEN-0001O1-Lr for bitcoin-development@lists.sourceforge.net; Tue, 28 Feb 2012 16:48:51 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.212.175 as permitted sender) client-ip=209.85.212.175; envelope-from=pieter.wuille@gmail.com; helo=mail-wi0-f175.google.com; Received: from mail-wi0-f175.google.com ([209.85.212.175]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1S2QEM-0004Ov-M5 for bitcoin-development@lists.sourceforge.net; Tue, 28 Feb 2012 16:48:51 +0000 Received: by wibhq12 with SMTP id hq12so1413338wib.34 for ; Tue, 28 Feb 2012 08:48:44 -0800 (PST) Received-SPF: pass (google.com: domain of pieter.wuille@gmail.com designates 10.180.107.68 as permitted sender) client-ip=10.180.107.68; Authentication-Results: mr.google.com; spf=pass (google.com: domain of pieter.wuille@gmail.com designates 10.180.107.68 as permitted sender) smtp.mail=pieter.wuille@gmail.com; dkim=pass header.i=pieter.wuille@gmail.com Received: from mr.google.com ([10.180.107.68]) by 10.180.107.68 with SMTP id ha4mr40691552wib.9.1330447724605 (num_hops = 1); Tue, 28 Feb 2012 08:48:44 -0800 (PST) MIME-Version: 1.0 Received: by 10.180.107.68 with SMTP id ha4mr32248498wib.9.1330447719927; Tue, 28 Feb 2012 08:48:39 -0800 (PST) Received: by 10.223.88.146 with HTTP; Tue, 28 Feb 2012 08:48:39 -0800 (PST) Date: Tue, 28 Feb 2012 17:48:39 +0100 Message-ID: From: Pieter Wuille To: Bitcoin Dev Content-Type: text/plain; charset=ISO-8859-1 X-Spam-Score: -1.6 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (pieter.wuille[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1S2QEM-0004Ov-M5 Subject: [Bitcoin-development] Duplicate transactions vulnerability X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Feb 2012 16:48:51 -0000 Hello all, as some of you may know, a vulnerability has been found in how the Bitcoin reference client deals with duplicate transactions. Exploiting it is rather complex, requires some hash power, and has no financial benefit for the attacker. Still, it's a security hole, and we'd like to fix this as soon as possible. A simple way to fix this, is adding an extra protocol rule[1]: Do not allow blocks to contain a transaction whose hash is equal to that of a former transaction which has not yet been completely spent. I've written about it in BIP30[2]. There is a patch for the reference client, which has been tested and verified to make the attack impossible. The change is backward compatible in the same way BIP16 is: if a supermajority of mining power implements it, old clients can continue to function without risk. The purpose of this mail is asking for support for adding this rule to the protocol rules. If there is consensus this rule is the solution, I hope pools and miners can agree to update their nodes without lengthy coinbase-flagging procedure that would only delay a solution. So, who is in favor? [1] https://en.bitcoin.it/wiki/Protocol_rules [2] https://en.bitcoin.it/wiki/BIP_0030 -- Pieter