Are Dash nodes exposed to this type of attack?

[alex9]

Sorry, I'm too lazy to do my own research about this right now, but want to know - Dash Core exposed to this attack?

http://www.trustnodes.com/2017/09/1...n-cash-developer-centralization-called-threat

This paragraph worries me a little:

The way some implementations have been coded allows for the creation of special transactions that can spend many transactions from many outputs. As they are loaded onto memory, they can reach a size of 8GB, crashing nodes

 

[alex9]

Today I'm not so lazy

Chris Jeffrey (JJ) on Breaking Bitcoin
Starts from 2:30:25
Demo - 4 mins
Full presentation - 29 mins

I've made screenshots of his slides:
https://imgur.com/a/w0ljK

Are we affected? @tungfa @UdjinM6 or any other knowledgeable?
I think it's pretty serious.

 

[UdjinM6]

Yes we are aware. But as it was mentioned in the video, to prepare an attack like that one would require millions of $$ spent in fees, so it's more of a theoretical one. With this in mind, we do not plan to address this in initial 12.2 release as this would require backporting way too much of bitcoin code OR writing a dirty patch which would cause issues for following bitcoin codebase later. And both options would require additional time for testing. We are already working on backporting bitcoin 0.14 including this fix (and excluding segwit). The plan is to close this attack vector by the end of this year i.e. in 12.2.1 or 12.3 release.

EDIT: with this being said, if you care about Dash network health in general and your income as a MNO in particular, make sure your MN have good specs, just in case.

 

[demo]

This shouldn’t be a problem, because Dash is a decentralized protocol where people should be using multiple different implementations. At least, that’s how Dash should be. I hope I opened some peoples’ eyes on that. Implementation centralization will kill Dash one day, just not today, since I don’t think this attack is reasonable to pull off in practice. But it serves as a good reminder — single points of failure suck.

 

[alex9]

But as it was mentioned in the video, to prepare an attack like that one would require millions of $$ spent in fees, so it's more of a theoretical one.

Unfortunately not. Millions $ for Bitcoin. For Dash - less than $100'000 at current prices. To be more precisely - 240 DASH spent on fees (24'000 transactions x 100 kB x 0.0001 DASH/kB). Not so theoretical, sorry.

 

[codablock]

This is going to be fixed shortly after the 12.2. release. Code is already prepared and waiting in one of my branches.

 

[alex9]

This is going to be fixed shortly after the 12.2. release. Code is already prepared and waiting in one of my branches.

This is very good news. Thank you.

Obviously, this needs to be fixed much earlier than "by the end of this year", with increase of the block size to 2MB and decrease in fees, the probability of successful attack greatly increases.

I constantly monitor the blockchain for the presence of traces of a preparatory stage of the attack (with 1MB blocks it will take at least 5 days and will be clearly visible).