[Bitcoin-development] Duplicate transactions vulnerability

Brautigam Róbert robert.brautigam at netmind.hu
Tue Feb 28 17:12:12 UTC 2012

On 02/28/2012 05:48 PM, Pieter Wuille wrote:
> Hello all,


> as some of you may know, a vulnerability has been found in how the
> Bitcoin reference client deals with duplicate transactions. Exploiting
> it is rather complex, requires some hash power, and has no financial
> benefit for the attacker. Still, it's a security hole, and we'd like
> to fix this as soon as possible.
> A simple way to fix this, is adding an extra protocol rule[1]:
>    Do not allow blocks to contain a transaction whose hash is equal to
> that of a former transaction which has not yet been completely spent.

I don't know whether I understand this correctly, but there should be no 
duplicate transaction hashes at all. So the rule should be: Do not allow 
blocks to contain transaction hashes which are already present in that 

If by a freak accident a transaction has the same hash as another 
transaction in the chain, shouldn't the transaction be "tweaked" in some 
way to avoid collision (generate a new target address for it or 
something)? In any case this seams very-very unlikely to happen, or am I 
missing something?


More information about the bitcoin-dev mailing list