Layer 1 MIT Expo Bitcoin attack-a-thon ideas

[willcl-ark]

Soliciting ideas for a L1 attack-a-thon in April.

Ideas

Current ideas:

• deploy a network with old node versions vulnerable to bugs (e.g. inflation bug) and see them exploited
• pull off an eclipse attack

Work needed

tbd

[0xB10C]

A while ago, I thought about an addrman attack-a-thon. The goal is to fill a certain bucket (or all buckets) with fake/malicious addresses. Tools like addrman-observer could show the participants the current addrman of a node.

However, I don't think there are any publicly disclosed addrman attacks on old versions. Not sure if doing an attack-a-thon on something that's currently not considered broken is worth it. Likely not too rewarding for the participants. If someone comes up with an attack, it's likely a vulnerability, though.

[0xB10C]

In the 2019 Chaincode Residency, John had a "Break Bitcoin Core" challenge for us, where he disabled some policy limits and re-allowed old opcodes. See the commits at 2019-06-breaking-bitcoin-core. That could be a source for inspiration.

[josibake]

Removing policy limits is a great one. Scenarios could highlight certain DoS vectors that the policy limits were protecting against. We could build a "policy-less" node and push the image to our github repo.

[pinheadmz]

We can use acceptnonstdtxn=1 too.