Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[0.5] btc: update btcd to fix critical block parsing failure #1897

Merged
merged 2 commits into from
Oct 10, 2022
Merged

[0.5] btc: update btcd to fix critical block parsing failure #1897

merged 2 commits into from
Oct 10, 2022

Conversation

chappjc
Copy link
Member

@chappjc chappjc commented Oct 10, 2022
edited
Loading

#1896 but for release-v0.5

Unfortunately, the revision of btcd we were requiring for 0.5 seems to have the affected taproot processing code (i.e. tries to process witnesses v1). EDIT: It looks like all past revisions of btcd/wire are affected.

This PR creates a bigger dep update than the one in #1896 so I've gone through both interactive and simnet trade tests.

@chappjc
Copy link
Member Author

chappjc commented Oct 10, 2022

on release-v0.5 and master:

$  go test -v -run TestBigWitness
=== RUN   TestBigWitness
    witness_fix_test.go:23: readScript: script witness item is larger than the max allowed size [count 33970, max 11000]
--- FAIL: TestBigWitness (0.01s)
FAIL
exit status 1
FAIL	decred.org/dcrdex/client/asset/btc	0.016s

with update:

$  go test -v -run TestBigWitness
=== RUN   TestBigWitness
--- PASS: TestBigWitness (0.01s)
PASS
ok  	decred.org/dcrdex/client/asset/btc	0.016s

So we definitely need this update on release-v0.5. Need to start testing now, since the btcd and btcwallet dependency updates are not small.

@chappjc
Copy link
Member Author

chappjc commented Oct 10, 2022
edited
Loading

Interactive trades succeeding with:

  • btc spv, maker
  • btc spv, taker
  • btc full node rpc, maker
  • btc full node rpc, taker

The simnet-trade-tests passing:

  • ./run dcrbtc -t success (full node trade success path)
  • ./run dcrbtc -t makerghost (full nodes, finding a DCR contract to auto-redeem BTC)
  • ./run dcrbtc -t makerghost (full nodes, finding a BTC contract to auto-redeem DCR)
  • ./run dcrbtcspv -t success (btc spv trade success path)
  • ./run dcrbtcspv -t makerghost (btc spv, finding a BTC contract to auto-redeem DCR)

chappjc
chappjc commented Oct 10, 2022
View reviewed changes
go.mod
github.com/btcsuite/btcd/btcec/v2 v2.2.0
github.com/btcsuite/btcd/btcutil v1.1.1
github.com/btcsuite/btcd/btcutil/psbt v1.1.3
github.com/btcsuite/btcd v0.23.2
Copy link
Member Author

@chappjc chappjc Oct 10, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

btcd review diff, 67 commits forward: btcsuite/btcd@bf64c8b...v0.23.2
combined diff: https://github.com/btcsuite/btcd/compare/bf64c8bdbbbf..v0.23.2

go.mod
github.com/btcsuite/btcd/chaincfg/chainhash v1.0.1
github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f
github.com/btcsuite/btcwallet v0.14.1-0.20220322205928-94c51d7bdbf9
github.com/btcsuite/btcwallet/wallet/txauthor v1.2.3
github.com/btcsuite/btcwallet v0.16.1
Copy link
Member Author

@chappjc chappjc Oct 10, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

btcwallet review diff, 49 commits forward: btcsuite/btcwallet@94c51d7...v0.16.1
combined diff: https://github.com/btcsuite/btcwallet/compare/94c51d7bdbf9..v0.16.1

@chappjc chappjc mentioned this pull request Oct 10, 2022
Merged
@chappjc
btc: update btcd to fix critical block parsing failure
15bbfd3 
This updates the btcd require to v0.23.2, which includes a critical fix
to the wire package's block parsing code that resolves a failure to
deserialize a block with a script witness item larger than 11000.

There are now blocks on mainnet and testnet that cannot be deserialized
with v0.23.1, meaning this is a critical fix for takers who need to
find the maker's redeem transaction and pull the block containing the
spending transaction. For SPV, only the matching block is pulled.
For a full node RPC wallet, the blocks are pulled in sequence and each
transaction is checked directly. As such, the issue affects both types
of wallet clients.

See mainnet block 0000000000000000000400a35a007e223a7fb8a622dc7b5aa5eaace6824291fb
containing and enormous 998-of-999 tapscript multisig in txn
7393096d97bfee8660f4100ffd61874d62f9a65de9fb6acf740c4c386990ef73.

See also testnet block 0000000000000032fcf519b61aad2b966348e3f2d27687b26277933cc9881965
containing taproot transaction
44692bc2da73192cd0b89bc7a43c0ce43578f6b3567bc945e46e6952e8ec5ca5.

This also updates the btcwallet require from 0.15.1 to 0.16.1.

This also adds a new test with the above mainnet block and transaction
as test vectors.
@chappjc
v0.5.4 version strings
305a348
@chappjc chappjc force-pushed the btc-witness-item-size-fix-0.5 branch from c7b57fa to 305a348 Compare October 10, 2022 15:37
@chappjc chappjc added this to the v0.5.4 milestone Oct 10, 2022
@chappjc chappjc merged commit 3f0d61f into decred:release-v0.5 Oct 10, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JoeGruffins JoeGruffins JoeGruffins approved these changes

@buck54321 buck54321 buck54321 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v0.5.4
Development

Successfully merging this pull request may close these issues.
3 participants
@chappjc @buck54321 @JoeGruffins