14 Jan '13, 2pm
Fixed vulnerability explanation: Why the signature cache is a DoS protection. #bitcoin
I read a transcript of #bitcoin-dev (http://bitcoinstats.com/irc/bitcoin-dev/logs/2012/11/09 ) where jgarzik and, Sipa debated whether the signature cache was a performance optimization or a DoS protection and why. The sig cache is both of them. But the sig cache was included before performance was a problem because of the DoS protection requirement. The following attack against versions prior 0.6.3, e-mailed to Gavin on May-2012, explains it: 1. The attacker creates a transaction that pays 0.01 BTC to 100 different addresses. (The attacker must have 1 BTC). To avoid paying fees, the attacker can divide the transaction into slices, each one below 1 kilobyte.The attacker broadcasts the transactions and waits for confirmation. 2. Afterwards the attacker builds transactions grabbing 100 of his own prevouts and adding an additional prevout that he does not own. This prevout is...