bitcoin-dev

Re: A Free-Relay Attack Exploiting RBF Rule #6

Original Postby Antoine Riard

Posted on: March 28, 2024 18:34 UTC

Sergio Demian Lerner's investigation into CVE-2017-12842 reveals a previously known weakness in Bitcoin's Merkle tree design, which he detailed on his blog (leaf node weakness in Bitcoin Merkle tree design).

Lerner expressed confusion over the widespread underestimation of this vulnerability and the lack of efforts to rectify it, despite its recognition by several developers. This situation underscores a broader issue within the Bitcoin Core development community, where senior developers are often aware of more vulnerabilities than they have the capacity to address. Occasionally, patches released to the public as fixes for minor issues also serve to mitigate more serious underlying problems without explicit acknowledgment.

One specific instance of addressing vulnerabilities involved making non-standard 64 bytes transactions without witness in Bitcoin Core 16.0. This measure added an additional layer of security against block-malleability validation issues, potentially preventing network splits and elevating the difficulty for double-spending attacks against SPV clients. Peter Todd disclosed one such exploitation scenario in June 2018. The discussion transitions to the handling of another vulnerability, referred to as the "free-relay" bandwidth wasting attack. Antoine LDK contrasts the expedited 4-day disclosure period for this vulnerability with the 50-day delay observed for CVE-2021-31876, where the potential for denial-of-service attacks was deemed to outweigh the risks of exposing non-anchor Lightning Network channels. He suggests that a minimum two-week delay would be more appropriate for future disclosures to account for the availability of security list members and domain experts.

Additionally, Antoine highlights the importance of ethical considerations in the disclosure process. He notes that if a satisfactory response or acknowledgment from vendors is not received within a certain timeframe, the reporter may proceed with a full disclosure. However, he also recalls instances of "bad faith" from vendors, reflecting on the challenges faced by security researchers in adhering to ethical information security standards. Lastly, he mentions an unresolved issue in the Lightning Development Kit (LDK), related to the default setting of negotiate_anchors_zero_fee_htlc_tx, which remains unaddressed even in subsequent versions, questioning the priorities of LDK maintainers.