Regarding CVE-2018-17144 and test cases

3

1

Regarding the serious bug found (CVE-2018-17144) I am not sure if I understand the full scope of it correctly.

As far as I understand, any block containing a double-spend of a transaction output that was spent in any block prior to the mined one would not have been caught as an invalid block?

If that is the case I wonder if the test suite of bitcoin core does not have a test case implemented for this situation?

Bjarne

Posted 2018-09-21T08:02:48.293

Reputation: 752

Answers

5

There are tests for that. The specifically broken pattern was a block containing a single transaction spending the same output, which originated from an earlier block, twice. Testing it without putting it in a block, or splitting up the double spend across multiple transactions weren't sufficient tests.

G. Maxwell

Posted 2018-09-21T08:02:48.293

Reputation: 6 039

Ah, now I understand it. Thanks for clarification! Btw: this is the commit that now tests for this specific pattern? https://github.com/bitcoin/bitcoin/commit/9b4a36effcf642f3844c6696b757266686ece11a

Bjarne 2018-09-21T08:17:23.053

This tests for the crash pattern. I asked for feedback earlier today about posting the test case for the inflation pattern, but got asked to hold off. I assume it'll be posted in the next couple days.

G. Maxwell 2018-09-21T08:36:07.683

Yeah, please hold off for a bit. There are still other networks that are vulnerable.

Murch 2018-09-21T17:31:58.503
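
The test-coverage point made in the answer, as an added example that is not part of the original thread and is not Bitcoin Core's code: a toy UTXO validator showing that a double spend split across two transactions is rejected whether or not a per-transaction duplicate-input check exists, so only the single-transaction case exercises that check. All names (`connect_block`, `check_duplicate_inputs`, the sample coin and blocks) are hypothetical and constructed for illustration.

```python
# Toy UTXO model (constructed for illustration; not Bitcoin Core's code).
# An outpoint is (txid, index); a transaction is a dict with
# "txid", "inputs" (list of outpoints) and "outputs" (list of values).

def connect_block(utxos, block, check_duplicate_inputs=True):
    """Validate `block` against a copy of `utxos`; return (accepted, reason)."""
    view = dict(utxos)
    for tx in block:
        # Per-transaction check: the same outpoint must not appear twice.
        if check_duplicate_inputs and len(set(tx["inputs"])) != len(tx["inputs"]):
            return False, "duplicate-input"
        # Every input is looked up before any of them is spent.
        if any(op not in view for op in tx["inputs"]):
            return False, "missing-or-spent"
        if sum(tx["outputs"]) > sum(view[op] for op in tx["inputs"]):
            return False, "outputs-exceed-inputs"
        for op in tx["inputs"]:
            view.pop(op, None)
        for i, value in enumerate(tx["outputs"]):
            view[(tx["txid"], i)] = value
    return True, "ok"

# Constructed sample state: one unspent output created in an earlier block.
COIN = ("earlier-block-tx", 0)
UTXOS = {COIN: 50}

# Test shape 1: the double spend is split across two transactions in one block.
SPLIT = [
    {"txid": "a", "inputs": [COIN], "outputs": [50]},
    {"txid": "b", "inputs": [COIN], "outputs": [50]},
]
# Test shape 2: one transaction lists the same earlier-block output twice.
SAME_TX = [{"txid": "c", "inputs": [COIN, COIN], "outputs": [100]}]

def run_matrix():
    """Run both test shapes with the duplicate-input check on and off."""
    results = {}
    for enabled in (True, False):
        for name, block in (("split", SPLIT), ("same_tx", SAME_TX)):
            results[(name, enabled)] = connect_block(UTXOS, block, enabled)
    return results

if __name__ == "__main__":
    for key, outcome in run_matrix().items():
        print(key, outcome)
```

In this toy model the `split` case is stopped by the spent-output lookup in both configurations, which is why a test of that shape cannot detect a missing duplicate-input check.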