差点让比特币系统崩塌的600微秒
比特币第四次减半已经完成,这个去中心系统已经成功运行了15年,但在2018年披露出的比特币核心客户端漏洞,直接威胁到比特币系统的稳定,堪称比特币最大的漏洞之一,今天给大家介绍一下,2018年9月20日披露的客户端双花漏洞,CVE-2018-17144。
什么是比特币核心?
比特币核心(Bitcoin Core)由中本聪发起,被认为是"正统"的比特币客户端,也是目前用的最多的,该软件可以验证区块链曾经做过的所有交易,并可以转移资金。
CVE-2018-17144 是什么?
在Bitcoin Core 发布的0.14 - 0.16.2版本中,存在一个极为严重的漏洞,将会导致程序崩溃和双花问题,也就是说一比交易包含的输入可以输出多次,将会造成无限增发,破坏比特币总量2100万枚的共识,造成通货膨胀,后被公共漏洞收录为 CVE-2018-17144。
为什么会有这个漏洞?
这得追溯到2016年,没错虽然是2018年发现的漏洞,但在2016年就已经埋下了伏笔,在2016年一位开发者向Bitcoin Core提出了一个合并
希望删除在交易检查中重复的输入检查,这将节省约600微秒的时间,随后审核者通过了此合并,此时这颗炸弹已经埋下。
在0.14.x版本中,将此漏洞正式上线客户端代码中,此时如果充分利用这个漏洞,将会导致收到广播的客户端崩溃,并不影响链上数据,其他客户端可以对发起攻击节点的广播丢弃掉,并且要触发这个攻击需要攻击者发掘一个区块,这个成本非常高,也只能让部分客户端崩溃,并没给攻击者带来收益。
直到2017年9月发布的0.15版本中,开发者对UTXO数据库的结构进行了优化,偶然的允许了客户端在重复输入的情况下可以继续操作,为此漏洞打开了双花的可能性。
该漏洞是怎么发现的?
在0.15版本发布后,直到2018年9月17日,1年的时间内并没有人发现这个漏洞,直到BCH开发者awemany在中午,坐在海边的小货车里,在BCH代码库中发现这条评论
Check for duplicate inputs — note that this check is slow so we skip it in CheckBlock
awemany感觉到了不对,使用regtest模式测试重复输入的事物,结果直接提示
Wham! assert(), Aborted.
他意识到了这可能会被利用,进而导致通货膨胀和分裂链的危险,并在写到
BitcoinABC does not check for duplicate inputs when processing a block, only when inserting a transaction into the mempool.
This is dangerous as blocks can be generated with duplicate transactions and then sent through e.g. compact block missing transactions and avoid hitting the mempool, creating money out of thin air.
/u/awemany
随后他立即把这个漏洞和修复补丁上报给Bitcoin Core和Bitcoin ABC(BCH开发团队)。
他在回顾中写到,提交完后他松了口气,他发现了一个价值数百万美元的漏洞,这个漏洞对价值1000亿美元(现在是1万2千亿美元)的货币可以产生了巨大影响,事实上,他可以租用算力去做空BTC,这可以让他直接发财,但他没有,他选择上报了漏洞。
当天21:58,Bitcoin ABC发布了补丁,修复了这个漏洞,向广大节点发送了此消息,督促节点升级,在大多数节点完成升级后,对此漏洞进行了完全披露。
然而影响不仅在比特币和BCH还有各种fork比特币核心的山寨币都受到了此漏洞的影响,由于这个漏洞是比特币核心的团队合并的,大家纷纷指责比特币核心团队。
因为600微秒的改动,阴差阳错的导致双花漏洞在链上潜伏了1年的时间,如果这个漏洞一旦被利用,进而可能导致硬分叉,比特币的价格还能有现在这个价格吗?是不是也会和以太坊当年硬分叉一样,诞生另一个ETC。
The fourth halving of Bitcoin has been completed. This decentralized system has been running successfully for years. However, the vulnerability of Bitcoin core client revealed in 2000 directly threatens the stability of Bitcoin system, which is one of the biggest vulnerabilities of Bitcoin. Today, I will introduce to you the vulnerability of double flowers in the client. What is Bitcoin core? Bitcoin core is initiated by Satoshi Nakamoto, which is considered to be the orthodox Bitcoin client and is currently the most used. This software can verify all transactions that have been done by blockchain. What is the money that can be transferred? There is an extremely serious loophole in the released version, which will lead to the program crash and double-flower problem, that is to say, the input contained in the transaction can be output many times, which will cause unlimited additional issuance and destroy the consensus that the total number of Bitcoin is 10,000 pieces, which will cause inflation and then be listed as why this loophole exists. This goes back to 2000. Yes, although the loophole was discovered in 2000, it has already laid the groundwork in 2000. In 2000, a developer proposed a merger to delete it. Repeated input check in the transaction check will save about microseconds, and then the auditor passed the merger. At this time, the bomb has been buried in the version, and this vulnerability is officially launched in the client code. At this time, if this vulnerability is fully utilized, it will cause the client receiving the broadcast to crash, and it will not affect the data on the chain. Other clients can discard the broadcast of the attacking node, and to trigger this attack, the attacker needs to dig a block. This cost is very high and can only make some customers. The end crash did not bring benefits to the attacker until the developer optimized the structure of the database in the version released in October, and accidentally allowed the client to continue to operate under repeated input, which opened up the possibility of double flowers for this vulnerability. How was the vulnerability discovered? No one discovered this vulnerability until the year, month and year after the release of the version, until the developer found this comment in the code base sitting in the van by the sea at noon, and felt that it was not important to test the usage mode. The result of re-input directly reminds him that this may be exploited, which will lead to the danger of inflation and splitting the chain. After writing, he immediately reported this loophole and repair patch to the development team. He wrote in the review that he was relieved after submitting it. He found a loophole worth millions of dollars, which could have a huge impact on the currency worth hundreds of millions of dollars. In fact, he can rent computing power to short, which can make him directly rich, but He didn't choose to report the vulnerability, released a patch on the same day, fixed the vulnerability, and sent this message to the majority of nodes to urge them to upgrade. After most nodes completed the upgrade, this vulnerability was completely disclosed. However, the impact was not only on Bitcoin but also on all kinds of counterfeit coins with Bitcoin core. Because this vulnerability was the merger of Bitcoin core teams, everyone accused the Bitcoin core team of being latent in the chain because of microsecond changes. After years of waiting, if this loophole is exploited, it may lead to a hard fork. Can the price of Bitcoin still have the current price? Will another one be born just like the hard fork of Ethereum? 比特币今日价格行情网_okx交易所app_永续合约_比特币怎么买卖交易_虚拟币交易所平台
注册有任何问题请添加 微信:MVIP619 拉你进入群
打开微信扫一扫
添加客服
进入交流群
1.本站遵循行业规范,任何转载的稿件都会明确标注作者和来源;2.本站的原创文章,请转载时务必注明文章作者和来源,不尊重原创的行为我们将追究责任;3.作者投稿可能会经我们编辑修改或补充。