BUIR-2017–2–23: Statement regarding network-wide Bitcoin client failure

(Chinese translation below)

On Feb 23, 2017 and Mar 6, 2017 approximately 5% of the “Satoshi” Bitcoin clients (Core, Unlimited, XT) temporarily dropped off of the network. Please see 1, 2, and zoom here into a date range around Feb 23. [EDIT: There has been some confusion about the 2 screen shots because the first one does not show the Satoshi:0.13.2 client in the key (although it is shown in the graph). This is likely a bug in the “bitnodes.21.co” graphing. The omission of the client in the key is not relevant to this BUIR. If you look at the actual data via the bitnodes API here and here, (note search for “total_nodes”) you will see the approximate 5% drop, from 6213 to 5811 nodes. ]

Analysis of logs of full nodes around that time shows repeated “PROCESSMESSAGE: INVALID MESSAGESTART” error messages. These messages occur when a node connects and sends some bad data to another node. Our analysis of the effects of the PROCESSMESSAGE: INVALID MESSAGESTART code path shows a rare possibility of node crashes. This could explain the temporary node loss.

Although we cannot be certain that these messages are deliberate, we are seeing an abnormal, hard-to-create input result in a negative outcome so we are classifying this as a network attack. We have therefore chosen to follow responsible disclosure procedures even though so far the negative effects of this attack have been minimal. Please limit the communication of this issue to miners, Bitcoin enterprises, and client developers until patches are available and upgrades complete.

We have implemented 2 classes of fixes in the Bitcoin Unlimited release. First, we have identified the root-cause of the node crashes and fixed them. Second, we have added a 4 hour ban for any node that causes an “INVALID MESSAGESTART” error. Since the attack appears to be probabilistic (requiring potentially hundreds of “INVALID MESSAGESTART” errors for a single failure), the 4 hour ban will deny an attacker the ability to cause the error, even if we missed a root cause fix.

This is not a critical issue because the likelihood of node failure appears to be just 5%. However, it is possible that the attacker may raise this failure rate by crafting more effective attack sequences, or using more machines to attack the network. Therefore we urge that you upgrade to Bitcoin Unlimited version or a patched version of a different client in the near future.

BUIR-2017–2–23: 全网范围内比特币客户端故障声明

2017年2月23日和2017年3月6日,约5%的“中本聪”比特币客户端(Bitcoin Core,Bitcoin Unlimited,XT)暂时性地连不到网络(详见1,2,点这里可以看到2月23日左右的数据范围)。 对该时间段完整节点的日志分析显示重复的“PROCESSMESSAGE:INVALID MESSAGESTART”出错信息。 当节点连接并发送一些不良数据到另一个节点时,会出现这些信息(PROCESSMESSAGE:INVALID MESSAGESTART)。 我们对PROCESSMESSAGE:INVALID MESSAGESTART代码路径的影响的分析显示了罕见的节点崩溃的。 这就是为什么节点会暂时性丢失。


我们已经在Bitcoin Unlimited版本中实现了2类修复。 首先,我们已经确定了节点崩溃的根本原因,并修复了它们。 其次,我们对导致“INVALID MESSAGESTART”错误的任何节点添加了4小时的禁令。 由于攻击似乎是概率性的(对于单个故障潜在地需要几百个“INVALID MESSAGESTART”错误),4小时的禁令将限制攻击者造成该错误的能力,虽然这样我们不能从根本上修复。

这不是一个关键问题,因为节点故障的可能性似乎只有5%。 然而,攻击者可能通过制定更有效的攻击序列或使用更多的机器攻击网络来提高此故障率。 因此,我们敦促您尽快升级到Bitcoin Unlimited1.0.1.0版本或不同客户端的修补版本。