A double-spending attack was reported on the Filecoin network when Binance processed FIL deposits worth millions of dollars on Wednesday, according to Filecoin miners at Filfox and FileStar. The report led to an emergency suspension of FIL deposits and withdrawals on major exchanges including Binance, OKEX and MXC.
The tech team at Cobo Custody, Asia’s leading custodian provider, which has always paid close attention to on-chain security, gave us a comprehensive recap of the incident.
After a 61,000 FIL transaction (worth roughly $4.6 million) to Binance on Wednesday took too long, the Filfox and FileStar team tried to speed it up with a “replace-by-fee” (RBF) transaction. For an RBF transaction, usually the higher-fee transaction is considered valid while the lower-fee one is rejected.
This RBF transaction, however, resulted in the deposit showing up in their Binance account twice, effectively turning 61,000 FIL into 120,000 FIL.
The Filfox and FileStar team immediately alerted Binance and the Filecoin team.
Custodian service providers, including exchanges and wallets, credit users’ deposits based on on-chain transactions, so efficient and accurate analysis of on-chain transactions is crucial.
The common way is to use APIs for bookkeeping, to figure out which messages were executed and succeeded on chain.
Filecoin Lotus offers a number of APIs, including ChainGetBlockMessages for transaction messages and StateGetReceipt for transaction state. In Filecoin’s case, those two APIs are used by exchanges including Binance for bookkeeping.
But when a transaction is replaced by fee (RBF), the StateGetReceipt API will fetch messages for both the higher-fee transaction and the lower-fee one, so both transactions are treated as valid.
For a regular RBF transaction, usually the higher-fee transaction is considered valid while the lower-fee one is rejected.
After the double-spending attack, the Filecoin team opened a GitHub issue to work on a fix for the bug and to improve the API documentation, so that everyone inspects the Filecoin chain state correctly going forward.
How did we do
The Cobo Custody tech team detected the bug in those two APIs earlier, last October, while it was working on supporting the Filecoin network, and used ChainGetParentMessages and ChainGetParentReceipts for bookkeeping instead, which effectively minimised the double-spending risk.
“I suggest all custodian service providers inspect the code carefully when supporting chains to avoid security issues like this,” said Cobo Custody tech lead Linfeng Liang.
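The two bookkeeping patterns described above, contrasted on constructed data in an added Python example (not Cobo's, Binance's or Lotus's code): crediting every listed message that has a success receipt, versus crediting only executed messages paired index-by-index with their receipts, as the results of ChainGetParentMessages and ChainGetParentReceipts line up. The deposit address, CIDs, whole-FIL amounts, the `receipt_for` stand-in and the extra per-nonce check are assumptions made for illustration.

```python
# Constructed sample data; field names follow the Lotus JSON message shape.
# Amounts are written in whole FIL for readability (an assumption).
DEPOSIT = "f1exchange-deposit"          # hypothetical deposit address

def mk(cid, fee):                       # one 61,000 FIL transfer with nonce 7
    return {"Cid": {"/": cid}, "Message": {"From": "f1sender", "To": DEPOSIT,
            "Nonce": 7, "Value": "61000", "Method": 0, "GasFeeCap": fee}}

ORIGINAL, REPLACEMENT = mk("cid-low-fee", "100"), mk("cid-high-fee", "200")

def naive_credit(block_messages, receipt_for):
    """Credit every listed message that has a successful receipt, without
    checking that it is the message that actually executed."""
    total = 0
    for m in block_messages:
        if m["Message"]["To"] == DEPOSIT and receipt_for(m)["ExitCode"] == 0:
            total += int(m["Message"]["Value"])
    return total

def safe_credit(parent_messages, parent_receipts, seen):
    """Credit from executed messages only, paired index-by-index with their
    receipts, and at most once per (sender, nonce)."""
    if len(parent_messages) != len(parent_receipts):
        raise ValueError("messages and receipts misaligned; refusing to credit")
    total = 0
    for m, r in zip(parent_messages, parent_receipts):
        msg = m["Message"]
        if msg["To"] != DEPOSIT or msg["Method"] != 0 or r["ExitCode"] != 0:
            continue                    # not a successful plain transfer to us
        key = (msg["From"], msg["Nonce"])
        if key in seen:                 # a sender nonce can only be spent once
            continue
        seen.add(key)
        total += int(msg["Value"])
    return total

def demo():
    # Stand-in for the reported behaviour: a success receipt comes back for both.
    def receipt_for(_message):
        return {"ExitCode": 0}
    naive = naive_credit([ORIGINAL, REPLACEMENT], receipt_for)
    seen = set()
    safe = safe_credit([REPLACEMENT], [{"ExitCode": 0}], seen)
    # A stray duplicate with the same sender and nonce credits nothing more.
    safe += safe_credit([ORIGINAL], [{"ExitCode": 0}], seen)
    return naive, safe

if __name__ == "__main__":
    print(demo())
```

In production the `seen` set would live in durable storage so that the per-nonce check survives restarts and chain re-scans.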
Double-spending is a transaction that uses the same input as another transaction that has already been validated on the network.
The Bitcoin Gold (BTG) blockchain suffered a 51% attack in 2018, leading to 388,200 BTG (worth more than 18 million dollars) being double spent.
March 19, 2021