0xB10C on Nostr: Yesterday, the Bitcoin Core project disclosed three vulnerabilities fixed in v25.0. I ...
Yesterday, the Bitcoin Core project disclosed three vulnerabilities fixed in v25.0.
I have old screenshots and observations from the "DoS due to inv-to-send sets growing too large" which I can share now.
(the disclosure explains the bug, this is only extra/visual context)
https://bitcoincore.org/en/2024/10/08/disclose-mutated-blocks-hindering-propagation/
Monitoring the connections of one of my mainnet nodes, I observed that its connections dropped from about 200 to 35 in a matter of hours (image 1)
It turned out that the P2P communication thread of the node was spending a lot of time sorting sets of transactions it wants to announce to other peers, as these sets had grown quite large.
This flamegraph showed that significant time is spent in make_heap to sort the sets... (image 2)
At some points, my node could not keep up the P2P communication with its peers and connections started to drop. Other nodes had the same problem.
https://github.com/bitcoin/bitcoin/issues/27586#issuecomment-1544593209
https://github.com/bitcoin/bitcoin/issues/27623
The sets grew large due a high volume of small one-input one-output transactions (I think something related to BRC-20) being broadcast.
(note: images 3 & 4 show tx in blocks per day, not broadcast tx)
This was amplified by peers that never announce transactions to us (e.g. spy-nodes). For them, the sets remain larger for much longer resulting in more time spent sorting. At the time, I compiled a banlist for some IPs I found to be particularly annoying.
https://github.com/0xB10C/banlist/issues/1
This DoS caused problems in block and transaction propagation. This clearly visible on the KIT DSN Bitcoin monitoring metrics.
https://www.dsn.kastel.kit.edu/bitcoin/
(image 5 & 6)
Another interesting metric is ICMP ping time compared to Bitcoin protocol ping time.
The Bitcoin protocol ping time skyrocketed, while the ICMP ping remained fairly unaffected. The nodes had problems, the servers running them were fine.
(image 7)
PR https://github.com/bitcoin/bitcoin/pull/27610 by ajtowns fixed the problem and it was back ported for the v25.0 release.
At the same time, one of the other disclosed vulnerabilities caused block propagation problems too: nevent1qqspf29q968at872u49vk2u0nzzk03lxv478kq0lz5m609u49cf9hdspzemhxue69uhhqatjwpkx2un9d3shjtnrdakj7q3qkyxqqqq8n2pu7f5pthr48zqcmr2k52vrud6wxzjpg0jsqcyhs3tsxpqqqqqqz7ep4px ...
I have old screenshots and observations from the "DoS due to inv-to-send sets growing too large" which I can share now.
(the disclosure explains the bug, this is only extra/visual context)
https://bitcoincore.org/en/2024/10/08/disclose-mutated-blocks-hindering-propagation/
Monitoring the connections of one of my mainnet nodes, I observed that its connections dropped from about 200 to 35 in a matter of hours (image 1)
It turned out that the P2P communication thread of the node was spending a lot of time sorting sets of transactions it wants to announce to other peers, as these sets had grown quite large.
This flamegraph showed that significant time is spent in make_heap to sort the sets... (image 2)
At some points, my node could not keep up the P2P communication with its peers and connections started to drop. Other nodes had the same problem.
https://github.com/bitcoin/bitcoin/issues/27586#issuecomment-1544593209
https://github.com/bitcoin/bitcoin/issues/27623
The sets grew large due a high volume of small one-input one-output transactions (I think something related to BRC-20) being broadcast.
(note: images 3 & 4 show tx in blocks per day, not broadcast tx)
This was amplified by peers that never announce transactions to us (e.g. spy-nodes). For them, the sets remain larger for much longer resulting in more time spent sorting. At the time, I compiled a banlist for some IPs I found to be particularly annoying.
https://github.com/0xB10C/banlist/issues/1
This DoS caused problems in block and transaction propagation. This clearly visible on the KIT DSN Bitcoin monitoring metrics.
https://www.dsn.kastel.kit.edu/bitcoin/
(image 5 & 6)
Another interesting metric is ICMP ping time compared to Bitcoin protocol ping time.
The Bitcoin protocol ping time skyrocketed, while the ICMP ping remained fairly unaffected. The nodes had problems, the servers running them were fine.
(image 7)
PR https://github.com/bitcoin/bitcoin/pull/27610 by ajtowns fixed the problem and it was back ported for the v25.0 release.
At the same time, one of the other disclosed vulnerabilities caused block propagation problems too: nevent1qqspf29q968at872u49vk2u0nzzk03lxv478kq0lz5m609u49cf9hdspzemhxue69uhhqatjwpkx2un9d3shjtnrdakj7q3qkyxqqqq8n2pu7f5pthr48zqcmr2k52vrud6wxzjpg0jsqcyhs3tsxpqqqqqqz7ep4px ...