[bisq-network/bisq] Error at BitcoinJ deserializing message (#2557)

Oscar Guindzberg notifications at github.com
Mon Mar 18 22:49:27 UTC 2019

I had a look.
It looks like the problem is a dishonest/buggy/old peer.

There is a peer sending an invalid "alert" msg.
Alert msgs were used in the past to alert about problems on the btc protocol. Alert messages are deprecated but a peer is sending them anyway.

On top of that, the alert msg is malformed.
Bitcoin msg format is: header+payload. 
Since the first couple of bytes of the payload printed on the log look like a header, I guess the malformed msg contains the msg header twice (unfortunately just the payload is printed on the log, not the full msg). 

As part of bisq's bitcoinj 0.14.7 release I included some DoS protection
https://github.com/bisq-network/bitcoinj/commit/66c5bd46cbabfab57e3cdcc6379e21c81d989ae1 that just happened to detect this malformed msg.

I was able to reproduce the exception running bisq in dao-betanet (it is reproduced randomly).

I notice by default dao-betanet does not use the "safe" btc nodes provided by the bisq community. It uses either dns peer discovery or connects to the hardcoded bitcoinj nodes.

I wrote a java main program that reproduces the problem:

import org.bitcoinj.core.BitcoinSerializer;
import org.bitcoinj.core.Message;
import org.bitcoinj.params.MainNetParams;

import java.io.IOException;
import java.nio.ByteBuffer;

import static org.bitcoinj.core.Utils.HEX;

public class Test {

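    public static void main(String[] args) throws IOException {
        // msg: alert message with a single header; doubleHeaderMsg: the same
        // message with a second header in front of it (the suspected malformed form).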
        String msg = "f9beb4d9616c65727400000000000000a80000001bf9aaea60010000000000000000000000ffffff7f00000000ffffff7ffeffff7f01ffffff7f00000000ffffff7f00ffffff7f002f555247454e543a20416c657274206b657920636f6d70726f6d697365642c2075706772616465207265717569726564004630440220653febd6410f470f6bae11cad19c48413becb1ac2c17f908fd0fd53bdc3abd5202206d0e9c96fe88d4a0f01ed9dedae2b6f9e00da94cad0fecaae66ecf689bf71b50";
        String doubleHeaderMsg = "f9beb4d9616c65727400000000000000a80000001de0d306f9beb4d9616c65727400000000000000a80000001bf9aaea60010000000000000000000000ffffff7f00000000ffffff7ffeffff7f01ffffff7f00000000ffffff7f00ffffff7f002f555247454e543a20416c657274206b657920636f6d70726f6d697365642c2075706772616465207265717569726564004630440220653febd6410f470f6bae11cad19c48413becb1ac2c17f908fd0fd53bdc3abd5202206d0e9c96fe88d4a0f01ed9dedae2b6f9e00da94cad0fecaae66ecf689bf71b50";
        BitcoinSerializer serializer = new BitcoinSerializer(MainNetParams.get(), false);
        ByteBuffer bb = ByteBuffer.wrap(HEX.decode(doubleHeaderMsg));
        // Deserializing the double-header message reproduces the exception.
        Message m = serializer.deserialize(bb);
    }
}

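The header+payload framing described in the message above, as an added example (not part of the original email and not bitcoinj's code): a small Python parser that checks a message's declared length and checksum and flags a payload that begins with a second header. The sample bytes are constructed, and `build`, `inspect` and the size cap are names and values assumed for this illustration.

```python
import hashlib
import struct

MAGIC = bytes.fromhex("f9beb4d9")  # mainnet magic, as in the hex strings above
HEADER_LEN = 24                    # magic(4) + command(12) + length(4) + checksum(4)
MAX_PAYLOAD = 0x02000000           # size cap assumed for this example

def checksum(payload: bytes) -> bytes:
    """First 4 bytes of SHA-256(SHA-256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def build(command: str, payload: bytes) -> bytes:
    """Serialize one message as header + payload."""
    cmd = command.encode("ascii").ljust(12, b"\x00")
    return MAGIC + cmd + struct.pack("<I", len(payload)) + checksum(payload) + payload

def inspect(raw: bytes) -> dict:
    """Parse one message and list every framing problem found."""
    if len(raw) < HEADER_LEN or raw[:4] != MAGIC:
        return {"command": None, "length": None, "problems": ["bad or missing header"]}
    command = raw[4:16].rstrip(b"\x00").decode("ascii", "replace")
    (length,) = struct.unpack("<I", raw[16:20])  # little-endian payload length
    body = raw[HEADER_LEN:]
    problems = []
    if length > MAX_PAYLOAD:
        problems.append("declared length exceeds cap")
    if len(body) != length:
        problems.append(f"declared {length} bytes, got {len(body)}")
    if checksum(body[:length]) != raw[20:24]:
        problems.append("checksum mismatch")
    if body[:4] == MAGIC:
        problems.append("payload starts with a second header")
    return {"command": command, "length": length, "problems": problems}

# Constructed sample input (not captured traffic): a 168-byte payload, then the
# same message with its header prepended again, the shape guessed at above.
PAYLOAD = bytes(range(168))
GOOD = build("alert", PAYLOAD)
# The outer header is copied from GOOD, so its length and checksum describe
# PAYLOAD rather than the bytes that now follow it.
DOUBLE = GOOD[:HEADER_LEN] + GOOD

if __name__ == "__main__":
    for name, raw in (("good", GOOD), ("double header", DOUBLE)):
        print(name, inspect(raw))
```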