A widespread bug has compromised a special type of bitcoin transaction that is supposed to discourage miners from cheating, new research shows.
In a report released in late April, pseudonymous engineer 0xb10c found more than a million of these “timelocked” transactions made between September 2019 and March 2020 were not accurately enforced by the network. This increases the risk of a hypothetical form of attack in which miners could essentially steal bitcoin from other miners. The bug affects 10% of timelocked transactions, or 2% of bitcoin transactions overall.
The findings highlight a key area of bitcoin research that aims to stop miners from growing too powerful or cheating in various ways so the world’s largest cryptocurrency, with a market capitalization worth around $173 billion, works as designed. 0xb10c is one of a global network of developers and researchers battle-testing the network, to guard against even theoretical attacks that so far haven’t been much of an issue.
A timelocked transaction prevents the recipient of bitcoin from accessing it right away. Instead, the person must wait until the network has added a certain number of blocks to the ledger. Since each new block takes about 10 minutes to record, a timelock can be programmed to expire at an approximate point in the future by setting a corresponding block height.
One use case for this feature is as a form of vesting – startup Blockstream has paid employees in timelocked bitcoin, for instance, which theoretically gives them an incentive to do what’s best for the network’s long-term value.
But the faulty timelocks 0xb10c detected had a more immediate purpose. Set for the current block (so they are not valid until one block later) they are designed to make “a potentially disruptive mining strategy, called fee-sniping, less profitable,” 0xb10c said.
With fee-sniping, a malicious miner tries to replace a block someone else just mined with their own, including the same transactions plus potentially other transactions that are still pending. The timelock prevents them from including the latter, limiting the spoils from the attack so it’s not worth the bother.
A long-term risk
The likelihood of such an attack might increase as transaction fees, which users pay to prioritize their payments, become a more important source of income for miners. Right now, miners mostly rely on block rewards of newly minted bitcoin to cover their costs. But this revenue stream decreases over time, as the Bitcoin network’s recent halving shows.
“Currently, not enforcing a timelock to an absolute block height does not have consequences for the majority of transactions. In a few years, when the block reward consists mainly of transaction fees, it might make fee-sniping more profitable,” 0xb10c told CoinDesk.
Hence, the bug could be harmful to the wider network. But right now, it’s most likely a “low-priority” problem to fix for most wallet services because it doesn’t result in users losing money or affect timelocks set further into the future, 0xb10c said.
Plus, the bug is a privacy leak for users. The oddly formed timelock is different from all the other timelocks on the network, so it’s easy for blockchain voyeurs to see that the transaction is coming from a particular wallet.
Many of the faulty transactions 0xb10c detected were made by a single large entity, which he did not name. The engineer said he reached out to the entity producing the buggy software, who responded “professionally,” he said, coming up with a solution to the problem. It might take time for the solution to roll out, however.
“A fix for this has been released in early 2020. However, it will take a while before all instances of the currently deployed software are upgraded,” he said.
0xb10c hopes his research will raise awareness of the risk of fee-sniping attacks so wallets that haven’t set the time locked transactions correctly can make the fix, making the Bitcoin network a little more robust.
He was able to pinpoint and contact the largest entity producing these flubbed transactions, but there are others out there making the same mistake.
“It’s hard to find the respective implementations creating these transactions,” 0xb10c said. “Some of them might not be open source, making it even harder.”