Pages:
Author

Topic: Cheap way to attack blockchain - page 3. (Read 28257 times)

newbie
Activity: 26
Merit: 0
November 28, 2015, 06:57:58 AM
#94
Quote
You either dont understand what Bitcoin is  Grin

I wrote my Bachelor Thesis about Bitcoin and developed a Paper Wallet site: moneyart.info
I know a lot about Bitcoin.
full member
Activity: 140
Merit: 100
November 27, 2015, 09:36:02 PM
#93
Each such transaction costs 0.00045 for dishonest attacker (can be even less)
88 transactions (attack one block) will cost only 0.0396 BTC
Daily attack 5.7024 BTC - not a big deal

Wanna hire me for this dirty job?  Grin

Main "weakness" for this attack is that miners could easily just ignore those transactions, without involving any hard fork.

Only the pools that accept those transactions *and* that do not prioritize transactions in a block by total fee would be impacted, pools that build their blocks based on max fee they can rack in a block would automatically eliminate them, they may just need to take the SIGOPS limit into their block optimization code, but that's all.

In practice only the "faucet pools", those that accept zero-fee tx and do not prioritize tx would likely feel the attack.

So the practical spamming would be limited to relaying and the mempool, so no biggy.
Yes this is right...once problem is identified it is easy for miners to ignore and fix the attack.
legendary
Activity: 1260
Merit: 1019
legendary
Activity: 996
Merit: 1013
November 27, 2015, 12:01:59 PM
#91

You guys ought to be grateful for amaclin for doing security
testing and even paying for it out of his own pockets.
legendary
Activity: 1260
Merit: 1019
November 27, 2015, 02:38:09 AM
#90
No, it is not your right to spam the blockchain, you simply have the ability.
Just because I have the ability to rob a store does not make it my right to do so. Same applies here.
There is no law, no punishment for doing this.
There are only consensus rules and mining policy in bitcoin.
So, in this case right=ability. These are different apples.  Grin
staff
Activity: 3458
Merit: 6793
Just writing some code
November 27, 2015, 01:54:59 AM
#89
Why would you want to spam the blockchain.
Because I have a right
No, it is not your right to spam the blockchain, you simply have the ability. Just because I have the ability to rob a store does not make it my right to do so. Same applies here.
legendary
Activity: 1260
Merit: 1019
November 27, 2015, 12:51:26 AM
#88
Why would you want to spam the blockchain.
Because I have a right
full member
Activity: 462
Merit: 100
Viarium.io - DECENTRALIZED VR WORLD
November 27, 2015, 12:44:18 AM
#87
Why would you want to spam the blockchain.
legendary
Activity: 1260
Merit: 1019
November 25, 2015, 01:47:49 AM
#86
that kind of spamming will be really popular in future.
doubt
Quote
If you add some text to each transaction and send it, it will works same as email spam
Are you sure that you really understand me? and the point of SIGOPs "block fulling" attack?
Have a look:
https://bitcointalksearch.org/topic/storing-large-data-in-blockchain-1023190
http://webbtc.com/tx/300503d19fb80a083723ccfb43d54278f2555838595c3443907156bc9889aeec (stored today)
https://github.com/petertodd/python-bitcoinlib/blob/master/examples/publish-text.py
hero member
Activity: 759
Merit: 500
November 24, 2015, 03:31:31 PM
#85
that kind of spamming will be really popular in future. If you add some text to each transaction and send it, it will works same as email spam
legendary
Activity: 1260
Merit: 1019
November 24, 2015, 11:44:47 AM
#84
By the way, politicians still dont understand what Bitcoin is.
You either dont understand what Bitcoin is  Grin
newbie
Activity: 26
Merit: 0
November 24, 2015, 11:08:36 AM
#83
Quote
Governments do not need to "destroy" bitcoin.
Because there is no danger from it.

Governments steal our money but because they have to pay so much interest on debt there is no money left for a bitcoin attack.

By the way, politicians still dont understand what Bitcoin is. Good for us, because when criminals dont understand something they dont want to steal it.
member
Activity: 60
Merit: 10
November 23, 2015, 08:02:10 PM
#82
I changed my mind

At least the attack is proven to work in practice.
legendary
Activity: 1260
Merit: 1019
November 23, 2015, 12:52:33 PM
#81
I thought this would be against your policy of not spending money on attacks?
I changed my mind
member
Activity: 60
Merit: 10
November 23, 2015, 09:19:38 AM
#80

Another attack, this time block #384831's sigOp limit was hit.

Is this you amaclin?  I thought this would be against your policy of not spending money on attacks?

legendary
Activity: 1260
Merit: 1019
sr. member
Activity: 318
Merit: 260
November 09, 2015, 05:16:19 PM
#78
So are people actually trying to attack Blockchain? I thought it was fairly secure..

The crypto is till quantum computers. The design and economics not so much. The currency itself changes hundredths in seconds and has arbitrary fees.. It wasn't well thought out and anyone who learned programming two years ago are writing tools and solutions for it because it's marketable..

It's trivial to spam and fork the blockchain for anyone with little research..

Governments and botnet industry will eventually start looking for way to exploit things.
newbie
Activity: 16
Merit: 0
November 09, 2015, 04:03:24 PM
#77
So are people actually trying to attack Blockchain? I thought it was fairly secure..
sr. member
Activity: 318
Merit: 260
November 09, 2015, 03:27:56 PM
#76
Worse case scenerio: Buffer Overflow->Code Execution in poorly coded clients.

This is a specific DoS attack vector that has nothing to do with buffer overflows.

The worse case scenario is that no transactions are confirmed for a while until centralized mining intervenes.

It depends on what controls the allocation in code. If it's secure it puts x bytes in a x bytes buffer after a verified pointer in meta data with no parsing except after allocation of said buffer. Otherwise it can likely be exploited for code execution through malicious hashing&encoding.

Even if it's not the case here with the reference implementation, that doesn't mean it's not the case with other full clients.

If we're going to raise alerts over dos and block spamming I could easily post a python script that fork-spams the block-chain and bloats it with orphan blocks. I'm more interested in programming flaws though and not the genius currency design that changes hundredths at second intervals and has arbitrary fees..

EDIT: I only mention it because it's obvious that the reference implementation and all the clients based on it just blindly allocate and mine on the block-chain.. At some point malicious people will exploit it..
newbie
Activity: 1
Merit: 0
November 09, 2015, 06:51:09 AM
#75
Hi,

im not a technical guy, but i would fear to use a system, running on a not a self-devloped op. system. Since Snowden we know, how the US try to keep up his superiority above the net. It is possible to defect some of the major op.systems, so large part of the Bitcon system can be compromised on the next op.system update. The Bitcoin Core only a program running above the op. system.
Pages:
Jump to: