Security Enhancements for Preventing Two Kinds of Attacks

[CharesFang]

According to PR#14897 of Bitcoin, the author committed patches to avoid potential attacks that can prevent Bitcoin nodes from getting transactions with others.

This behavior was described well here (page 11).

Per current implementation, if node A receives INV (tx) from node B, node A sends GETDATA to B and waits for TX message back.

Node A is likely to receive more INVs (regarding the same tx) from other peers. But node A would not send another GETDATA unless it does not hear TX back from node B for next 2 minutes (to save bandwidth)

Thus, if B is a malicious node, it can prevent node A from getting the transaction (even if all A’s peers have it) for 2 minutes.

This behavior seems to be an inherent limitation of the current P2P relay protocol, and I don’t see how it can be fundamentally changed (I can see workarounds which involve rewriting a lot of P2P code though).

We checked the Ravencoin code and found the same likely vulnerable code segments in Ravencoin/src/net.cpp, Ravencoin/src/net.h, and other files. Therefore, we strongly suggest that Bitcoin PR#14897 should be backported promptly for security enhancements. For more details, please refer to the patch commit 1cff3d6c.

Reported by de957ad9679f28a38f02f00cc7928bce8fb424882ff060a3c09c32895b1474cc.

[fdoving]

This is related and links to one more PR improving the solution: https://github.com/dogecoin/dogecoin/issues/2735