Author: SlowMist security team

Background

Bitcoin-ABC’s official website posted the following on May 7:

On April 26, an anonymous source reported to the Bitcoin-ABC development team that the Bitcoin-ABC clients at version 0.17.0 and below, used by Bitcoin Cash miners, had a serious vulnerability. After analyzing the vulnerability, the development team prepared a patch, released client version 0.17.1 and sent the software to the BCH mining pools.

Vulnerability analysis

By analyzing the Bitcoin-ABC fix commit (https://reviews.bitcoinabc.org/D1313), the SlowMist security team reached the following conclusion:

BCH mining program Bitcoin-ABC fork vulnerability analysis

Starting at line 70 of src/script/sighashtype.h, the official fix changes the function name and adjusts how the baseType value is computed, from BaseSigHashType(sigHash & 0x1f) to BaseSigHashType(sigHash & ~(SIGHASH_FORKID | SIGHASH_ANYONECANPAY)).

The src/script/sighashtype.h header defines the constants SIGHASH_FORKID and SIGHASH_ANYONECANPAY as 0x40 and 0x80.

So the result of ~(SIGHASH_FORKID | SIGHASH_ANYONECANPAY) is 0x3f.

Assume that sigHash is 0x21 and convert the values to binary: 0x1f = 0b00011111, 0x21 = 0b00100001, 0x3f = 0b00111111.

In 0.17.0 the mask is 0x1f; in 0.17.1 it is 0x3f. With the old mask, baseType is 0x21 & 0x1f = 1, and 0x01 & 0x1f is also 1, so the two values are treated alike. After the mask was updated to 0x3f in version 0.17.1, baseType is 0x21 & 0x3f = 0x21, which is not in the valid range and is filtered out, so the 0x20 problem is fixed.
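The mask comparison above can be turned into a regression check over every one-byte sigHash value. This is an added example, not code from the original article or from Bitcoin-ABC; the function names are hypothetical, and the valid base-type range 1..3 (the standard Bitcoin ALL, NONE, SINGLE values) is an assumption, since the article only says "valid range".

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Flag values as stated in the article.
constexpr uint32_t SIGHASH_FORKID = 0x40;
constexpr uint32_t SIGHASH_ANYONECANPAY = 0x80;

// Assumption: valid base types are the standard Bitcoin values 1..3.
constexpr uint32_t BASE_MIN = 1, BASE_MAX = 3;

// 0.17.0-style extraction: only the low five bits are inspected,
// so bit 0x20 is silently dropped.
uint32_t base_type_old(uint32_t sigHash) { return sigHash & 0x1f; }

// 0.17.1-style extraction: keep everything except the two flag bits.
// For a one-byte sigHash this is the 0x3f mask from the article.
uint32_t base_type_new(uint32_t sigHash) {
    return sigHash & ~(SIGHASH_FORKID | SIGHASH_ANYONECANPAY);
}

bool in_valid_range(uint32_t baseType) {
    return baseType >= BASE_MIN && baseType <= BASE_MAX;
}

// One-byte sigHash values on which the two masks disagree about validity.
// Any such value is a consensus-divergence test vector between versions.
std::vector<uint32_t> divergent_sighash_bytes() {
    std::vector<uint32_t> out;
    for (uint32_t s = 0; s <= 0xff; ++s) {
        if (in_valid_range(base_type_old(s)) != in_valid_range(base_type_new(s)))
            out.push_back(s);
    }
    return out;
}

int main() {
    for (uint32_t s : divergent_sighash_bytes()) {
        std::printf("sigHash=0x%02x old baseType=%u new baseType=0x%02x\n",
                    (unsigned)s, (unsigned)base_type_old(s),
                    (unsigned)base_type_new(s));
    }
    return 0;
}
```

Every value it reports has bit 0x20 set, which is the bit the old 0x1f mask ignored.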

Vulnerability impact

According to the Bitcoin-ABC developers, the bug could inadvertently trigger a fork in the Bitcoin Cash network. An attacker can construct a malicious transaction that miners running Bitcoin-ABC 0.17.0 and below will accept and package into a block. However, other Bitcoin Cash-compatible mining software, such as the Bitcoin Unlimited client, will refuse to accept this block.

“Both BUCash and Bitcoin-ABC client versions prior to 0.17.0 could be split from the main chain — only Bitcoin-ABC and BUCash nodes were included in the vulnerability analysis,” said the development team.

“Bitcoin ABC handled the issue very professionally and responsibly — they quickly fixed the bug and privately sent [the software] to the miners, thereby reducing the risk of a blockchain fork,” said Shaun Chong, CEO of the Bitcoin.com mining pool.