Bug in “Timelocked” Bitcoin Transactions Allows Miners to Cheat Each Other
A widespread bug in has compromised “timelocked” Bitcoin transactions which are supposed to discourage miners from stealing, according to new research.
In a report published in late April, pseudonymous engineer 0xb10c found over a million of such “timelocked” transactions made between September 2019 and March 2020 which were not accurately enforced by the network. This increases the risk of a hypothetical form of attack in which miners could steal Bitcoin from other miners. The bug impacts 10% of timelocked transactions, or 2% of Bitcoin transactions overall.
The findings point to a key area of Bitcoin research which attempts to prevent miners from gaining too much power or cheating in different ways so the world’s biggest cryptocurrency, with a market capitalization worth around $173 billion, works as designed. 0xb10c is one of a global network of developers and scientists battle-testing the network, to safeguard against even hypothetical attacks which so far haven’t been much of a problem.
A timelocked transaction prevents the recipient of Bitcoin from accessing it right away. Instead, the person should wait until the network has added a certain number of blocks to the chain. Since each new block takes around 10 minutes to record, a timelock can be programmed to expire at an approximate point in the future by setting a corresponding block height.
One use case for this feature is as a form of vesting — company Blockstream has paid employees in timelocked Bitcoin, for example, which theoretically gives them an incentive to do what’s best for the network’s long-term value.
But the faulty timelocks 0xb10c found had a more immediate purpose. Set for the current block (so they are not valid one block later) they are designed to make “a potentially disruptive mining strategy, called fee-sniping, less profitable,” 0xb10c said.
With fee-sniping, a malicious miner attempts to replace a block someone else just mined with their own, including the same transactions together with other transactions which are still pending. The timelock prevents them from incorporating the latter, limiting the spoils from the attack so it’s not worth paying attention.
A long-term risk
The likelihood of such an attack might increase as transaction fees, paid by users who want to prioritize their payments, become a more important source of income for the miners. Currently, miners rely predominantly on block rewards of freshly minted Bitcoin to cover their costs. But this revenue stream reduces over time, as the Bitcoin network’s recent halving shows.
“Currently, not enforcing a timelock to an absolute block height does not have consequences for the majority of transactions. In a few years, when the block reward consists mainly of transaction fees, it might make fee-sniping more profitable,” 0xb10c explained.
Thus, the bug could be harmful to the wider network. But right now, it’s most likely a “low-priority” problem to fix for most wallet services since it doesn’t lead to users losing money or affect timelocks set further into the future, 0x0b10c noted.
The bug is also a privacy leak for users. The oddly formed timelock is different from all the other timelocks on the network, so it’s easy for blockchain voyeurs to note the wallet from which the transaction originated.
Many of the faulty transactions found by 0xb10c were made by a single large entity, which he did not name. The engineer said he reached out to the entity producing the buggy software, who responded “professionally,” he said, coming up with a solution to the problem. The solution will need time to be created, however.
“A fix for this has been released in early 2020. However, it will take a while before all instances of the currently deployed software are upgraded,” he said.
0x0b10c hopes his research will draw attention to the risk of fee-sniping attacks so wallets which haven’t set the time locked transactions properly can make the fix, making the Bitcoin network a bit more reliable.
He was able to determine and contact the largest entity producing these buggy transactions, but there are others out there making the same mistake.
“It’s hard to find the respective implementations creating these transactions,” 0xb10c said. “Some of them might not be open source, making it even harder.”