Disclosure of hindered block propagation due to stalling peers

Before Bitcoin Core v25.1, an attacker can cause a node to not
download the latest block.
This issue is considered Medium severity.
Details
When receiving a new block announcement via a headers or compact
blocks message, the delivering peer is requested either the full
block or missing transaction details by the receiving node. If
the announcing peer then doesn’t respond as the peer to peer
protocol requires, the affected Bitcoin Core node will wait
up to 10 minutes before disconnecting the peer and making another
block download attempt. If the attacker is able to
make multiple incoming or outgoing connections, this process
can be repeated.
Delaying block delivery can cause network degradation by slowing down network convergence,
making mining payouts less fair, and causing liveliness issues.
This issue was further exacerbated by other issues disclosed recently (for
instance the inventory build-up),
when mempools were relatively heterogeneous, disallowing
opportunistic reconstruction of compact blocks by honest peers.
A mitigation was introduced in #27626,
introduced in Bitcoin Core v26.0 and backported to v25.1.
It ensures that blocks can be requested concurrently from up to 3
high-bandwidth compact block peers, one of which is required
to be an outbound connection.
Attribution
Reported and fixed by Greg Sanders.
Timeline
2023-05-08 - Users reporting block timeouts in the #bitcoin-core-dev IRC channel
2023-05-09 - First github issues describing the issue https://github.com/bitcoin/bitcoin/issues/25258#issuecomment-1540028533
2023-05-11 - Mitigation PR opened https://github.com/bitcoin/bitcoin/pull/27626
2023-05-24 - PR merged prior to Bitcoin Core v26.0
2023-05-25 - Backport to Bitcoin Core v25.1 merged https://github.com/bitcoin/bitcoin/pull/27752
2023-10-19 - Bitcoin Core v25.1 Released
2024-11-05 - Public disclosure

https://bitcoincore.org/en/2024/11/05/cb-stall-hindering-propagation/

#Eenentwintig #Nieuws #News #BitcoinNews