According to the publication, the malfunction is related to the complexity adjustment mechanism, writes forklog.com.
Every 2016 blocks (about once every two weeks), nodes recalculate the target so that one block appears every 10 minutes, regardless of the processing power of the miners. To make this adjustment, nodes measure the duration of the last period, compare the target value (2016 x 600 = 1,209,600 seconds), and then adjust the difficulty accordingly.
“It is in these calculations where the error lies. To measure the timing of blocks in the past period, the node compares the timestamp of the first block of the period to the timestamp of the last. Instinctively, this seems logical, but it’s actually an error because there are only 2015 intervals between the first and last blocks of a period, not 2016,” Morel explained.
If we denote t0 as the timestamp of the first block and t2015 as the timestamp of the last block, the node calculates the elapsed time as T = t2015 – t0. This yields 2015 intervals (t0 to t1 > t1 to t2 > … > t2014 to t2015).
To get 2016 intervals, we need to use a different formula: T = t2015 – t-1, where t-1 is the timestamp of the last block of the previous period.
This is called the “one unit offset” error. This bug introduces an error of about 0.05% in the direction of slightly overestimated complexity.
However, the real problem lies elsewhere. The flaw causes the adjustment periods to not overlap – the timestamp of the last block of one period is not taken into account when calculating the next one.
Time manipulation
This gap makes the “time warp” attack possible. Its principle is as follows:
– The miner, who controlled most of the processing power, started setting minimum allowable timestamps for all blocks in a period (except the last one).
– In the last block of the period, he artificially assigns the maximum allowable timestamp.
– After the period is completed, the complexity is adjusted. Due to the attacker’s manipulation of timestamps, the measured period lasted longer than it actually did. As a result, the complexity is reduced.
– The attacker repeats the same manipulation in the next period. Because the periods do not overlap, the first block of the second attack period may have a timestamp from the distant past, while the previous block has a timestamp in the future. This gap increases from period to period.
By repeating the process several times, an attacker could theoretically reduce the complexity of mining to a level that creates up to six blocks per second (instead of one every 10 minutes).
“The consequences would be dire: temporary blocks are useless, the network is overloaded, the number of reorganizations has increased, and transaction confirmations have lost value. All of this would allow the attacker to collect block rewards at a furious pace,” the researcher added.
The attack would be impossible if the first and last block of two consecutive periods matched.
How to fix this bug?
Morel noted that the problem could be fixed with a softfork within BIP-0054.
The initiative assumes that the first block of a new complexity period has a timestamp that does not exceed the timestamp of the last block of the previous period by more than two hours.
This restriction restores “some form of continuity” between periods, prevents the manipulation of timestamps, and makes the “time distortion” attack infeasible.
