Cheap way to attack blockchain - page 2.

mezzomix

legendary

Activity: 2618

Merit: 1252

Quote from: keystroke on November 30, 2015, 12:18:13 PM

Nice security research. Can this attack be made profitable, or is it just DoS?

This "attack" is a nuisance just like the HighS malleability.

Quote from: hetecon on November 30, 2015, 12:39:36 PM

Is fixing of this issue requiring a full 'hard forking'

No. As trout already wrote the miners can just take a higher fee for transactions with a large number of SIGOPS.

Quote from: amaclin on November 29, 2015, 06:52:49 PM

1) You are missing that miners are interested in fees. They have a right to include/exclude any transaction.

They might be interested in the BTC value, too. So it's interesting for them to include all transactions to preserve the value of their BTC.

hetecon

full member

Activity: 462

Merit: 100

Viarium.io - DECENTRALIZED VR WORLD

Is fixing of this issue requiring a full 'hard forking'

trout

sr. member

Activity: 333

Merit: 252

Quote from: amaclin on November 29, 2015, 06:52:49 PM

Quote from: trout on November 29, 2015, 05:38:16 PM

Am I missing something?

1) You are missing that miners are interested in fees. They have a right to include/exclude any transaction.

2) You are missing that it is almost impossible to upgrade relay policy on thousands of nodes.

BTW. This is funny test.
Miners just raised the minimum fee, leaving a lot of unconfirmed transactions and screaming users.
Blocks are not filled.
Right now mempool on https://tradeblock.com/bitcoin/ is 12mb (note: transactions with a fee less than 5 satoshi per byte are ignored)

https://en.wikipedia.org/wiki/Tragedy_of_the_commons

Edit:
3) Since the start of this stress test the price on exchanges rized up. Everybody likes it Grin

Are you sure that you really want to fix this issue? A lot of people would vote against Grin

I've been just speaking about the default policy in the "Core" client.
In this sense, fixing the issue is trivial.
After such an update miners/ relay nodes are of course still free to run any code they like -
nobody forces them to update their policy

Edit: All I'm saying is that it is easy to make this kind of attack as expensive as the "traditional" block-size-filling spam attack. I'm surprised this is not done yet.

keystroke

hero member

Activity: 900

Merit: 1014

advocate of a cryptographic attack on the globe

Nice security research. Can this attack be made profitable, or is it just DoS?

worhiper_-_

hero member

Activity: 700

Merit: 500

Quote from: BurtW on November 28, 2015, 10:27:46 PM

I would like to thank those that have (re)discovered this attack and shown it to be a viable attack using their own money to prove it.

Is anyone planning a large scale attack using this method? That would be interesting.

How much would it take to fund a sustained attack, for example a 24 hour period?

Quote from: amaclin on August 31, 2015, 03:58:03 AM

Daily attack 5.7024 BTC - not a big deal

amaclin

legendary

Activity: 1260

Merit: 1019

Quote from: hetecon on November 29, 2015, 11:46:00 PM

Did they raise min because of this speicif attack?

I can non prove it. Of course, this is a joke. May be with truth in it

hetecon

full member

Activity: 462

Merit: 100

Viarium.io - DECENTRALIZED VR WORLD

Quote from: amaclin on November 29, 2015, 06:52:49 PM

Quote from: trout on November 29, 2015, 05:38:16 PM

Am I missing something?

1) You are missing that miners are interested in fees. They have a right to include/exclude any transaction.

2) You are missing that it is almost impossible to upgrade relay policy on thousands of nodes.

BTW. This is funny test.
Miners just raised the minimum fee, leaving a lot of unconfirmed transactions and screaming users.
Blocks are not filled.
Right now mempool on https://tradeblock.com/bitcoin/ is 12mb (note: transactions with a fee less than 5 satoshi per byte are ignored)

https://en.wikipedia.org/wiki/Tragedy_of_the_commons

Edit:
3) Since the start of this stress test the price on exchanges rized up. Everybody likes it Grin

Are you sure that you really want to fix this issue? A lot of people would vote against Grin

Did they raise min because of this speicif attack?

amaclin

legendary

Activity: 1260

Merit: 1019

Quote from: trout on November 29, 2015, 05:38:16 PM

Am I missing something?

1) You are missing that miners are interested in fees. They have a right to include/exclude any transaction.

2) You are missing that it is almost impossible to upgrade relay policy on thousands of nodes.

BTW. This is funny test.
Miners just raised the minimum fee, leaving a lot of unconfirmed transactions and screaming users.
Blocks are not filled.
Right now mempool on https://tradeblock.com/bitcoin/ is 12mb (note: transactions with a fee less than 5 satoshi per byte are ignored)

https://en.wikipedia.org/wiki/Tragedy_of_the_commons

Edit:
3) Since the start of this stress test the price on exchanges rized up. Everybody likes it Grin

Are you sure that you really want to fix this issue? A lot of people would vote against Grin

trout

sr. member

Activity: 333

Merit: 252

the fix seems trivial - calculate the min relay fee (and all the rest of the fee thresholds) based on the size and the number of sigops, rather than the size only. I don't get why it's not in the latest release.
Am I missing something?

hetecon

full member

Activity: 462

Merit: 100

Viarium.io - DECENTRALIZED VR WORLD

Quote from: basil00 on November 29, 2015, 11:40:05 AM

Another attack...last 6 blocks (edit: and counting) have been hit.

Example: #385910 with 19125 fake sigOps. The block is only 200KB despite a 5MB backlog (according to tradeblock). It seems this attack is very effective.

Edit:
#385911 unaffected (enough high-fee legit txs)
#385912 = 18990 fake sigOps, 280KB.
#385913 = 18945 fake sigOps, 281KB.
#385914 = 17325 fake sigOps, 470KB.
...etc.

Wow this is bad news. Any pull requests on githbu to fix this yet?

YarkoL

legendary

Activity: 996

Merit: 1013

Quote from: achow101 on November 29, 2015, 01:18:08 AM

I don't think there really is a fix for this.

Lower priority of P2SH transactions with multiple sig ops?
And/or make them cost more.

basil00

member

Activity: 60

Merit: 10

Another attack...last 6 blocks (edit: and counting) have been hit.

Example: #385910 with 19125 fake sigOps. The block is only 200KB despite a 5MB backlog (according to tradeblock). It seems this attack is very effective.

Edit:
#385911 unaffected (enough high-fee legit txs)
#385912 = 18990 fake sigOps, 280KB.
#385913 = 18945 fake sigOps, 281KB.
#385914 = 17325 fake sigOps, 470KB.
...etc.

USB-S

sr. member

Activity: 574

Merit: 250

In XEM we trust

Quote from: achow101 on November 29, 2015, 01:18:08 AM

Quote from: RealBitcoin on November 29, 2015, 12:44:07 AM

Shit, the devs shoud fix this asap before the word gets out and FUD-ers start screaming the price down.

This is not something that can be easily fixed. The sig op limit is to prevent spamming blocks full of transactions that take a lot of time to process. Yet increasing the limit would mean that more transaction could go in that delay processing even more and a lower limit means that fewer other transactions can make it into the block. I don't think there really is a fix for this.

We'll if you're afraid of confirmation times you could just increase the transaction fee?

However when bitcoin increases in price the said attack wouldn't really be that cost efficient, when people could just mitigate this by increasing their trasaction fee. However couldn't we just implement burn fees if this said spam attack gets way out of hand. You know, just to make the spammers profitable for the rest of us?

achow101

staff

Activity: 3374

Merit: 6530

Just writing some code

Quote from: RealBitcoin on November 29, 2015, 12:44:07 AM

Shit, the devs shoud fix this asap before the word gets out and FUD-ers start screaming the price down.

This is not something that can be easily fixed. The sig op limit is to prevent spamming blocks full of transactions that take a lot of time to process. Yet increasing the limit would mean that more transaction could go in that delay processing even more and a lower limit means that fewer other transactions can make it into the block. I don't think there really is a fix for this.

RealBitcoin

hero member

Activity: 854

Merit: 1007

JAYCE DESIGNS - http://bit.ly/1tmgIwK

Shit, the devs shoud fix this asap before the word gets out and FUD-ers start screaming the price down.

hetecon

full member

Activity: 462

Merit: 100

Viarium.io - DECENTRALIZED VR WORLD

Quote from: BurtW on November 28, 2015, 10:27:46 PM

I would like to thank those that have (re)discovered this attack and shown it to be a viable attack using their own money to prove it.

Is anyone planning a large scale attack using this method? That would be interesting.

How much would it take to fund a sustained attack, for example a 24 hour period?

I think it is not ethical to do this attack, but also interested to know these answers for security purpose.

BurtW

legendary

Activity: 2646

Merit: 1131

All paid signature campaigns should be banned.

I would like to thank those that have (re)discovered this attack and shown it to be a viable attack using their own money to prove it.

Is anyone planning a large scale attack using this method? That would be interesting.

How much would it take to fund a sustained attack, for example a 24 hour period?

lama-hunter

sr. member

Activity: 266

Merit: 250