Disclosure of significant DoS due to orphan handling

A node could be stalled for hours when processing the orphans of a specially crafted unconfirmed
transaction.

This issue is considered High severity.

Details

After accepting a transaction into its mempool, the node would go through its cache of orphan
transactions to find if this new accepted transaction makes it possible to accept any. This search
was quadratic: for each output in the newly accepted transaction it would go through all cached
orphan transactions (limited to 100). By specially crafting the orphan transactions to be invalid
yet expensive to validate a node could be stalled for several hours.

The stall was fixed by Pieter Wuille in PR #15644
by interrupting the orphan resolution to process new messages when a match is found (whether the
orphan turns out to be valid or not).

Attribution

Credits to sec.eine for responsibly disclosing the bug and providing feedback on the fix.

Timeline

2019-03-19 sec.eine reports the issue to Greg Maxwell by email
2019-03-21 Greg Maxwell responds with information about the proposed patch
2019-03-22 sec.eine gives feedback on the patch (“seems solid and [..] doesn’t attract attention”)
2019-03-22 Pieter Wuille opens PR #15644
2019-04-01 PR #15644 is merged
2019-05-18 Bitcoin Core version 0.18.0 is released with a fix
2020-07-22 The issue is partially disclosed during a PR review club
2020-08-01 The last vulnerable Bitcoin Core version (0.17.x) goes EOL
2024-07-03 Public disclosure.