|
| 1 | +--- |
| 2 | +title: Disclosure of hindered block propagation due to stalling peers |
| 3 | +name: blog-disclose-stalling-peers-hindering-propagation |
| 4 | +id: en-blog-disclose-stalling-peers-hindering-propagation |
| 5 | +lang: en |
| 6 | +type: advisory |
| 7 | +layout: post |
| 8 | + |
| 9 | +## If this is a new post, reset this counter to 1. |
| 10 | +version: 1 |
| 11 | + |
| 12 | +## Only true if release announcement or security announcement. English posts only |
| 13 | +announcement: 1 |
| 14 | + |
| 15 | +excerpt: > |
| 16 | + A peer could hinder block propagation by announcing blocks first and then simply withholding the block. |
| 17 | +--- |
| 18 | + |
| 19 | +Before Bitcoin Core v25.1, an attacker can cause a node to not |
| 20 | +download the latest block. |
| 21 | + |
| 22 | +This issue is considered **Medium** severity. |
| 23 | + |
| 24 | +## Details |
| 25 | + |
| 26 | +When receiving a new block announcement via a headers or compact |
| 27 | +blocks message, the delivering peer is requested either the full |
| 28 | +block or missing transaction details by the receiving node. If |
| 29 | +the announcing peer then doesn't respond as the peer to peer |
| 30 | +protocol requires, the affected Bitcoin Core node will wait |
| 31 | +up to 10 minutes before disconnecting the peer and making another |
| 32 | +block download attempt. If the attacker is able to |
| 33 | +make multiple incoming or outgoing connections, this process |
| 34 | +can be repeated. |
| 35 | + |
| 36 | +Delaying block delivery can cause network degradation by slowing down network convergence, |
| 37 | +making mining payouts less fair, and causing liveliness issues. |
| 38 | + |
| 39 | +This issue was further exacerbated by other issues disclosed recently (for |
| 40 | +instance the [inventory build-up](https://bitcoincore.org/en/2024/10/08/disclose-large-inv-to-send/)), |
| 41 | +when mempools were relatively heterogeneous, disallowing |
| 42 | +opportunistic reconstruction of compact blocks by honest peers. |
| 43 | + |
| 44 | +A mitigation was introduced in [#27626](https://github.com/bitcoin/bitcoin/pull/27626), |
| 45 | +introduced in Bitcoin Core v26.0 and backported to v25.1. |
| 46 | +It ensures that blocks can be requested concurrently from up to 3 |
| 47 | +high-bandwidth compact block peers, one of which is required |
| 48 | +to be an outbound connection. |
| 49 | + |
| 50 | +## Attribution |
| 51 | + |
| 52 | +Reported and fixed by Greg Sanders. |
| 53 | + |
| 54 | +## Timeline |
| 55 | + |
| 56 | +- 2023-05-08 - Users reporting block timeouts in the [#bitcoin-core-dev IRC channel](https://bitcoin-irc.chaincode.com/bitcoin-core-dev/2023-05-08) |
| 57 | +- 2023-05-09 - First github issues describing the issue https://github.com/bitcoin/bitcoin/issues/25258#issuecomment-1540028533 |
| 58 | +- 2023-05-11 - Mitigation PR opened https://github.com/bitcoin/bitcoin/pull/27626 |
| 59 | +- 2023-05-24 - PR merged prior to Bitcoin Core v26.0 |
| 60 | +- 2023-05-25 - Backport to Bitcoin Core v25.1 merged https://github.com/bitcoin/bitcoin/pull/27752 |
| 61 | +- 2023-10-19 - Bitcoin Core v25.1 Released |
| 62 | +- 2024-11-05 - Public disclosure |
| 63 | + |
| 64 | +{% include references.md %} |
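Review bot: In the Details section, "causing liveliness issues" (line 37) should read "liveness issues", the usual term for a node failing to make progress. In the mitigation paragraph (lines 44-45), "introduced" appears twice in one sentence; something like "A mitigation was implemented in #27626, released in Bitcoin Core v26.0 and backported to v25.1" reads more cleanly. The opening sentence (line 19) describes versions before v25.1 in the present tense ("can cause") while the excerpt on line 16 uses "could"; pick one tense for both. The mitigation paragraph also does not say why one of the three concurrent peers must be an outbound connection; a short sentence giving the reason would help readers judge the fix. In the Timeline, the 2023-05-08 entry uses a Markdown link while the entries on lines 57, 58 and 60 use bare URLs, and "github" on line 57 should be "GitHub"; making the entries consistent would be better.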