CVE-2018-17144

Also covering Duplicate inputs vulnerability

CVE-2018-17144 was a bug that could have allowed an attacker to spend the same bitcoins more than once.

An optimization included in Bitcoin Core 0.14.0 skipped a check on newly-received blocks that was thought to be redundant, making the node willing to partly process blocks that tried to spend the same input more than once. This would trigger some code meant to catch unexpected node operation and cause the node to deliberately crash. This allowed a denial-of-service attack that could be exploited by miners.

The code meant to catch unexpected operation (an assert) was rewritten for Bitcoin Core 0.15.0, unintentionally allowing the node to continue operation in the case of duplication inputs. This allowed a miner to spend the same bitcoins more than once.

The vulnerability was discovered and responsibly disclosed by developer Awemany on 17 September 2018. Patches were available within hours, and a binary release for the current release branch within 36 hours—both only mentioning the DoS vulnerability. After several developers reviewing the patch were able to reverse engineer the bug and discover the inflation risk, a full disclosure was made by Bitcoin Core developers on 20 September 2018.

The bug was never exploited on Bitcoin mainnet and an overwhelming majority of full nodes subsequently updated to unaffected versions of Bitcoin Core.

After the full disclosure, the bug was exploited on Bitcoin testnet, causing any nodes still running Bitcoin Core 0.14.x to crash and nodes running 0.15.0 to 0.16.2 to accept a transaction that spent the same funds more than once. When testnet miners managed to produce a valid chain with more proof-of-work than the invalid chain, those non-upgraded nodes attempted to switch to the new chain but were unable to fully un-spend a double-spent input. This left the old testnet nodes stuck on a lower-proof-of-work block chain, requiring manual user intervention to fix them.

Primary code and documentation

• CVE-2018-17144
• CVE-2018-17144 Full Disclosure
• Bitcoin Core PR #14247: Fix crash bug with duplicate inputs within a transaction

Optech newsletter and website mentions

2019

• Talk summary: Near misses: what could have gone wrong

2018

• 2018 year-in-review: CVE-2018-17144
• CVE-2018-17144 exploited on testnet
• Upgrade to Bitcoin Core 0.16.3 to fix CVE-2018-17144
• Information about CVE-2018-17144

• Upgrade to Bitcoin Core 0.16.3 to fix DoS vulnerability

  
  

Previous Topic:
Cross-input signature aggregation (CISA) Next Topic:
CVEs (various)

Edit page
Report Issue