* [bitcoin-dev] Minor DoS vulnerability in BIP144 lack of tx witness data size limit
[not found] <6by5pfnBrFYUmFpOtTRyZ0YIxJaKyaJ1tqW3s26_ZHeGZIJssZY0kLvmYqXtoXRK-mMoMbDY-dmKw_mlCUCDYlzolM25ZvkLpr6pvh8t2LY=@cybriq.systems>
@ 2022-10-11 5:42 ` Loki Verloren
2022-10-11 13:06 ` Greg Sanders
0 siblings, 1 reply; 2+ messages in thread
From: Loki Verloren @ 2022-10-11 5:42 UTC (permalink / raw)
To: bitcoin-dev
[-- Attachment #1.1.1: Type: text/plain, Size: 838 bytes --]
The recent 998 of 999 multisig segwit transaction highlights a problem with BIP144. As the solution applied for btcd shows, effectively a single transaction witness can be the same as the maximum block size.
11000 bytes may not be so unreasonable but now there is a special case with a block over 33k worth of witness data.
A concrete limit should be set on the maximum size of a transaction witness, and this should be discussed in a more general sense about total transaction sizes.
In the absence of a specification, it becomes impossible to properly implement and the status quo devolves to the actual implementation in the bitcoin core repository code.
I think the weight calculation should escalate exponentially to discourage putting transactions like this on the chain. The price was equivalent to about $5 to do this.
[-- Attachment #1.1.2.1: Type: text/html, Size: 1263 bytes --]
[-- Attachment #1.2: publickey - loki@cybriq.systems - 0x7BC3C653.asc --]
[-- Type: application/pgp-keys, Size: 653 bytes --]
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 249 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [bitcoin-dev] Minor DoS vulnerability in BIP144 lack of tx witness data size limit
2022-10-11 5:42 ` [bitcoin-dev] Minor DoS vulnerability in BIP144 lack of tx witness data size limit Loki Verloren
@ 2022-10-11 13:06 ` Greg Sanders
0 siblings, 0 replies; 2+ messages in thread
From: Greg Sanders @ 2022-10-11 13:06 UTC (permalink / raw)
To: Loki Verloren, Bitcoin Protocol Discussion
[-- Attachment #1: Type: text/plain, Size: 1361 bytes --]
There are a number of issues with adding arbitrary size restrictions to
consensus(I personally think it's additional complexity for negative gain),
but most of all this may resolve in burned coins.
On Tue, Oct 11, 2022 at 6:22 AM Loki Verloren via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
>
> The recent 998 of 999 multisig segwit transaction highlights a problem
> with BIP144. As the solution applied for btcd shows, effectively a single
> transaction witness can be the same as the maximum block size.
>
> 11000 bytes may not be so unreasonable but now there is a special case
> with a block over 33k worth of witness data.
>
> A concrete limit should be set on the maximum size of a transaction
> witness, and this should be discussed in a more general sense about total
> transaction sizes.
>
> In the absence of a specification, it becomes impossible to properly
> implement and the status quo devolves to the actual implementation in the
> bitcoin core repository code.
>
> I think the weight calculation should escalate exponentially to discourage
> putting transactions like this on the chain. The price was equivalent to
> about $5 to do this.
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
[-- Attachment #2: Type: text/html, Size: 2249 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-10-11 13:07 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <6by5pfnBrFYUmFpOtTRyZ0YIxJaKyaJ1tqW3s26_ZHeGZIJssZY0kLvmYqXtoXRK-mMoMbDY-dmKw_mlCUCDYlzolM25ZvkLpr6pvh8t2LY=@cybriq.systems>
2022-10-11 5:42 ` [bitcoin-dev] Minor DoS vulnerability in BIP144 lack of tx witness data size limit Loki Verloren
2022-10-11 13:06 ` Greg Sanders
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox