Time warp attack

From Litecoin Wiki
Jump to: navigation, search

The time warp attack[1] is based on a bug in Bitcoin and Litecoin (and their forks) where the difficulty calculation is off by one block. This is an example of a flaw that affects all coins, especially ones with low network hash rates.

An attacker can repeatedly try to generate the last block of each retarget window, and use a fabricated timestamp of two hours into the future in order to make the time difference from the first block in the retarget window high, thus lowering the difficulty by 0.5%. Due to the bug, the bogus timestamp isn't used as the first block in the next retarget window, and therefore the two extra hours aren't being compensated for in the next difficulty calculation. Once the difficulty is low, the attacker can mine many fast coins, or in the case of a small chain, an attacker with 51% hash power could reduce the difficulty to 1 and mine a new fork from the genesis block.

This attack may not be as feasible on Bitcoin any longer because the probability of repeatedly generating the last block once every two weeks at such high difficulties may be negligible.

Although fixing this issue in Bitcoin is possible, it should be done carefully (by adding rules that encourage nodes to upgrade over time) so to avoid a chain fork, i.e. old clients who didn't upgrade might operate with another difficulty and therefore disagree regarding which blocks are valid.

A fix in Litecoin's code has prevented one type of time warp attack, the Zeitgeist2 51% attack.[2]