Page MenuHomePhabricator
Differential D3492

Merge #13452: rpc: have verifytxoutproof check the number of txns in proof structure
ClosedPublic
Actions

Authored by markblundeberg on Jul 1 2019, 02:05.

Details

Reviewers
deadalnix
jasonbcox
Fabien
Group Reviewers
Restricted Project
Commits
rSTAGINGfa66af56fbf2: Merge #13452: rpc: have verifytxoutproof check the number of txns in proof…
rABCfa66af56fbf2: Merge #13452: rpc: have verifytxoutproof check the number of txns in proof…
Summary

PR13452 backport https://github.com/bitcoin/bitcoin/pull/13452/files
d280617bf569f84457eaea546541dc74c67cd1e4 [qa] Add a test for merkle proof malleation (Suhas Daftuar)
ed82f1700006830b6fe34572b66245c1487ccd29 have verifytxoutproof check the number of txns in proof structure (Gregory Sanders)

Pull request description:

Recent publication of a weakness in Bitcoin's merkle tree construction demonstrates many SPV applications vulnerable to an expensive to pull off yet still plausible attack: https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/

This change would at least allow `verifytxoutproof` to properly validate that the proof matches a known block, with known number of transactions any time after the full block is processed. This should neuter the attack entirely.

The negative is that a header-only processed block/future syncing mode would cause this to fail until the node has imported the data required.

related: #13451

`importprunedfunds` needs this check as well. Can expand it to cover this if people like the idea.
Test Plan

make check
test_runner.py

Diff Detail

Repository
rABC Bitcoin ABC
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markblundeberg created this revision.Jul 1 2019, 02:05
Herald added a reviewer: Restricted Project. · View Herald TranscriptJul 1 2019, 02:05
teamcity added a comment.Jul 1 2019, 02:05

Build Bitcoin-ABC / Diffs / Bitcoin-ABC Diff Testing started.

markblundeberg added a child revision: D3493: Merge #14305: Tests: enforce critical class instance attributes in functional tests, fix segwit test specificity.Jul 1 2019, 02:07
teamcity added a comment.Jul 1 2019, 02:13

Build Bitcoin-ABC / Diffs / Bitcoin-ABC Diff Testing passed.

Harbormaster completed remote builds in B6577: Diff 9831.Jul 1 2019, 02:13
Fabien accepted this revision.Jul 1 2019, 09:42
Fabien added inline comments.
test/functional/test_framework/messages.py
753 ↗(On Diff #9831)

Nit: spaces around the // operator.

This revision is now accepted and ready to land.Jul 1 2019, 09:42
markblundeberg updated this revision to Diff 9862.Jul 1 2019, 16:57

fix // nit

teamcity added a comment.Jul 1 2019, 16:57

Build Bitcoin-ABC / Diffs / Bitcoin-ABC Diff Testing started.

Harbormaster completed remote builds in B6596: Diff 9862.Jul 1 2019, 17:03
teamcity added a comment.Jul 1 2019, 17:03

Build Bitcoin-ABC / Diffs / Bitcoin-ABC Diff Testing passed.

Closed by commit rABCfa66af56fbf2: Merge #13452: rpc: have verifytxoutproof check the number of txns in proof… (authored by Wladimir J. van der Laan <laanwj@gmail.com>, committed by Mark Lundeberg <36528214+markblundeberg@users.noreply.github.com>). · Explain WhyJul 1 2019, 17:43
This revision was automatically updated to reflect the committed changes.
Mark Lundeberg <36528214+markblundeberg@users.noreply.github.com> added a commit: rABCfa66af56fbf2: Merge #13452: rpc: have verifytxoutproof check the number of txns in proof….
Mark Lundeberg <36528214+markblundeberg@users.noreply.github.com> added a commit: rSTAGINGfa66af56fbf2: Merge #13452: rpc: have verifytxoutproof check the number of txns in proof….Sep 19 2019, 00:48

Revision Contents
Changeset List

PathSize
src/
6 lines
rpc/
11 lines
test/
functional/
23 lines
test_framework/
48 lines

Diff 9865

View Options

src/merkleblock.h

Loading...
View Options

src/rpc/rawtransaction.cpp

Loading...
View Options

test/functional/rpc_txoutproof.py

Loading...
View Options

test/functional/test_framework/messages.py

Loading...