A bug in “timelocked” Bitcoin contracts could allow miners to rob each other

A bug in "timelocked" Bitcoin contracts could allow miners to rob each other - Bitcoin Bug 1024x640In a report published in late April, the engineer known under the pseudonym 0xb10c found that over a million "timelocked" transactions between September 2019 and March 2020 were not properly performed on the network.

This increases the risk of a potential form of attack in which miners could essentially steal bitcoins from other miners. The bug affects 10% of timelocked transactions or 2% of quotation bitcoin in general. The report's findings shed light on a key area of ​​bitcoin research that aims to prevent miners from becoming too powerful or cheating in various ways.

How the detected bug works

A timelocked transaction prevents the recipient of the bitcoin from accessing it immediately, having to wait for the network to first add a certain number of locks to the distributed register.

Since each new block takes about 10 minutes to load, a timelocked can be programmed, at the discretion of the person making it, to be executed after the loading of a certain number of blocks in the future.

But the bad timelocked detected by 0xb10c have a more immediate action. Set for the current block, they are designed to make "a potentially destructive mining strategy called fee-sniping less profitable," said 0xb10c.

With fee-sniping, an improper miner could replace a block that someone else has just checked out with his own, including that particular transaction and potentially other pending transactions. The timelock mechanism prevents them from including the latter, circumscribing the loot of the action and making such an attack less convenient.

Long-term risk

“Currently, not applying a timelock has no consequences for most transactions. In a few years, when the block's reward will consist mainly of transaction fees, it could lead to a profitable commission cut, ”said 0xb10c.

Hence, the bug could be more damaging in the future of the network. But right now, it's very likely to be a "low priority" issue for most wallet services because it doesn't result in users losing money or affecting timelocks set in the future, said 0xb10c. In addition, the bug adversely affects user privacy.

The main body involved in spreading the bug is ready to find a solution

Many of the wrong transactions detected by 0xb10c were performed by a single entity of significant size, which it did not nominate. The engineer said he contacted him and received a "professional" response, he said, finding a solution to the problem.

However, it may take some time for the solution to be implemented. 0xb10c hopes that his research will raise awareness of the risk of zero-cost attacks so that wallets that have not properly set up timelocked transactions can do so, making the Bitcoin network a little more robust. "It is difficult to find the respective implementations that create these transactions," said 0xb10c. "Some of them may not be open source, which makes it even more difficult."