CVE-2021-31876 Information

Description

Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125 which makes it easier for attackers to trigger a loss of funds or a denial of service attack against downstream projects such as Lightning network nodes. An unconfirmed child transaction with nSequence = 0xff_ff_ff_ff spending an unconfirmed parent with nSequence <= 0xff_ff_ff_fd should be replaceable because there is inherited signaling by the child transaction. However the actual PreChecks implementation does not enforce this. Instead mempool rejects the replacement attempt of the unconfirmed child transaction.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Reference

https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2021-31876 https://bitcoinops.org/en/newsletters/2021/05/12/ https://bitcoinops.org/en/topics/replace-by-fee/ https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html https://github.com/bitcoin/bitcoin

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

LOW

Base Severity

6.5