Hacker News new | comments | show | ask | jobs | submit login

There appears to be a workaround to bypass the assert check in Bitcoin Core 0.16 that allows one to mint new coins by using an input multiple times and it be accepted by the network without crashing. Probably will be waiting until the dust settles on this before publishing that test case though, since it's clearly much more severe than a DoS



O.o wow, that is way worse than I expected.

Do you have a source for where this was written up, or did you come up with this on your own?

I just want to be able to reference back to this in the future. So whenever you decide to publish, I'd love to check it out!


Actually it only seems to be a side effect of our test environment. Using a more realistic environment makes it not effective, sorry for the false alarm


Hey thanks for the update!

But I'd encourage you to do a bit more investigation.

According to Bitcoin core, there is an inflation vulnerability.

https://bitcoincore.org/en/2018/09/20/notice/

So maybe you weren't too far off from independently discovering the vulnerability yourself.

Edit: apparently you were credited in discovering the vulnerability yourself in the very discloser that I linked.

Congrats!


The credit is currently wrong, it should belong to one of the developers on my team, David Jaenson.

My comment was an early disclosure before I fully understood how sensitive the details were. Even without going into detail or providing any code it was very irresponsible of me to off hand just mention that possibility. It didn't click how sensitive things were until a bitcoin core dev confirmed it. Sorry anyone who sees this. I merely reported the exploit, David Jaenson is our genius security researcher that definitely should deserve all credit.


Yeah. I'd rather you hadn't done that personally.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: