public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Loki Verloren <loki@cybriq.systems>
To: "bitcoin-dev@lists.linuxfoundation.org"
	<bitcoin-dev@lists.linuxfoundation.org>
Subject: [bitcoin-dev] Minor DoS vulnerability in BIP144 lack of tx witness data size limit
Date: Tue, 11 Oct 2022 05:42:40 +0000	[thread overview]
Message-ID: <Z9_T0sYBHcJS5M21tyvXa6vAhC1YamBRXzTCll31M4peuHdbo25v4rnycfTbZOgNgmxA4rzTGLuU4lxT9o6tft90N_7-pfAgiY8_2BAX4w8=@cybriq.systems> (raw)
In-Reply-To: <6by5pfnBrFYUmFpOtTRyZ0YIxJaKyaJ1tqW3s26_ZHeGZIJssZY0kLvmYqXtoXRK-mMoMbDY-dmKw_mlCUCDYlzolM25ZvkLpr6pvh8t2LY=@cybriq.systems>


[-- Attachment #1.1.1: Type: text/plain, Size: 838 bytes --]


The recent 998 of 999 multisig segwit transaction highlights a problem with BIP144. As the solution applied for btcd shows, effectively a single transaction witness can be the same as the maximum block size.
11000 bytes may not be so unreasonable but now there is a special case with a block over 33k worth of witness data.

A concrete limit should be set on the maximum size of a transaction witness, and this should be discussed in a more general sense about total transaction sizes.

In the absence of a specification, it becomes impossible to properly implement and the status quo devolves to the actual implementation in the bitcoin core repository code.

I think the weight calculation should escalate exponentially to discourage putting transactions like this on the chain. The price was equivalent to about $5 to do this.

[-- Attachment #1.1.2.1: Type: text/html, Size: 1263 bytes --]

[-- Attachment #1.2: publickey - loki@cybriq.systems - 0x7BC3C653.asc --]
[-- Type: application/pgp-keys, Size: 653 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 249 bytes --]

       reply	other threads:[~2022-10-11  5:42 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <6by5pfnBrFYUmFpOtTRyZ0YIxJaKyaJ1tqW3s26_ZHeGZIJssZY0kLvmYqXtoXRK-mMoMbDY-dmKw_mlCUCDYlzolM25ZvkLpr6pvh8t2LY=@cybriq.systems>
2022-10-11  5:42 ` Loki Verloren [this message]
2022-10-11 13:06   ` [bitcoin-dev] Minor DoS vulnerability in BIP144 lack of tx witness data size limit Greg Sanders

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='Z9_T0sYBHcJS5M21tyvXa6vAhC1YamBRXzTCll31M4peuHdbo25v4rnycfTbZOgNgmxA4rzTGLuU4lxT9o6tft90N_7-pfAgiY8_2BAX4w8=@cybriq.systems' \
    --to=loki@cybriq.systems \
    --cc=bitcoin-dev@lists.linuxfoundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox