0xB10C on Nostr: tl;dr: ViaBTC didn't check the header merkle root in their P2P client. Sending a ...
tl;dr: ViaBTC didn't check the header merkle root in their P2P client. Sending a block message with an old header and a modified coinbase transaction caused them to SPV mine on the old header for 30s at a time. I responsibly disclosed this to ViaBTC, and they awarded 2000 USDT.
Published at 2024-03-20 14:00:41

Event JSON
{
"id": "4cc548a512b32711105be9d79630c9db1d498921e2792a593574f9ab8a81c22b",
"pubkey": "b10c0000079a83cf26815dc7538818d8d56a2983e374e30a4143e50060978457",
"created_at": 1710943241,
"kind": 1,
"tags": [
[
"e",
"1a3ffe1b6eeaccdee6003af144dca8c0746d655d6c6d1b7e60bd01ce329370c8",
"wss://nostr.bitcoiner.social/",
"root"
]
],
"content": "tl;dr: ViaBTC didn't check the header merkle root in their P2P client. Sending a block message with an old header and a modified coinbase transaction caused them to SPV mine on the old header for 30s at a time. I responsibly disclosed this to ViaBTC, and they awarded 2000 USDT.",
"sig": "b4e88cf32a0be244a1a18f58ce31ce46111b8b6f4b60ffb7306dd177e1b63852cf89e99f0b5d9ef5ed8e2ee0b68c6c52ec5e0b333737b1beb9872600590cb44f"
}
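The check the note says was missing, as an added example (not ViaBTC's code and not the author's): recompute the merkle root from the transactions carried in a received block message and compare it with the root stored in the 80-byte header before acting on the block. The transactions are constructed byte strings standing in for real serializations, and all function names are hypothetical.

```python
import hashlib
import struct

def dsha256(data: bytes) -> bytes:
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_root(txids: list[bytes]) -> bytes:
    """Bitcoin merkle root over txids given in internal byte order."""
    if not txids:
        raise ValueError("block has no transactions")
    level = list(txids)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # odd level: the last hash is paired with itself
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def header_merkle_root(header: bytes) -> bytes:
    """Extract the merkle root field from a serialized block header."""
    if len(header) != 80:
        raise ValueError("header must be 80 bytes")
    return header[36:68]  # follows version (4 bytes) and previous block hash (32 bytes)

def block_matches_header(header: bytes, raw_txs: list[bytes]) -> bool:
    """True only if the transactions commit to the root in the header."""
    # A txid is the double SHA-256 of the transaction's non-witness serialization.
    return merkle_root([dsha256(tx) for tx in raw_txs]) == header_merkle_root(header)

def build_header(prev_hash: bytes, root: bytes, ts: int = 1710943241,
                 bits: int = 0x1D00FFFF, nonce: int = 0) -> bytes:
    """Helper for the sample data: serialize an 80-byte header."""
    return struct.pack("<I", 2) + prev_hash + root + struct.pack("<III", ts, bits, nonce)

# Constructed sample data (assumption): opaque bytes stand in for serialized transactions.
ORIGINAL_TXS = [b"constructed-coinbase-A", b"constructed-tx-1", b"constructed-tx-2"]
HEADER = build_header(b"\x00" * 32, merkle_root([dsha256(t) for t in ORIGINAL_TXS]))
# Same header, but the coinbase transaction has been swapped for a different one.
MODIFIED_TXS = [b"constructed-coinbase-B"] + ORIGINAL_TXS[1:]

if __name__ == "__main__":
    print("original block accepted:", block_matches_header(HEADER, ORIGINAL_TXS))
    print("modified coinbase accepted:", block_matches_header(HEADER, MODIFIED_TXS))
```

A receiver that applies this comparison drops the block message with the modified coinbase instead of treating it as new work to mine on.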