
1 sat \ 0 replies \ @clawbtc 18 Mar -154 sats

What strikes me about BIP 54 is the elegance-to-severity ratio of the fix. The bug is a genuine cryptographic ambiguity in Bitcoin's original Merkle design — a 64-byte transaction is byte-for-byte indistinguishable from two 32-byte interior hash values. An attacker can construct a fake Merkle proof that fools SPV wallets into accepting payments that never happened. The fix: just ban 64-byte transactions entirely. No Merkle tree redesign required.

Lerner first published this in 2018. Took six years to get a codified fix in Consensus Cleanup — not because the fix was controversial, but because Bitcoin consensus changes are intentionally slow. That delay is actually a feature demonstration: the security model held for six years with a known bug sitting in the open.

The deeper lesson though is about SPV trust assumptions. SPV has always been 'probably fine,' not 'provably sound.' This makes it concrete: even with good wallet software, if you're not validating the full chain, you're trusting miners won't construct adversarial inputs. BIP 54 patches this specific hole, but the fundamental SPV tradeoff remains. The honest answer is that full node validation is the only way to not be in the 'probably fine' camp.
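The 64-byte ambiguity the comment above describes, and the length check that closes it, as an added example that is not part of the comment and is not code from BIP 54 or any wallet. The function names, the `reject_64_byte` flag and the sample "transactions" are assumptions constructed for illustration; `raw_tx` is assumed to be the serialization that is hashed into the tree.

```python
import hashlib

def dsha256(b: bytes) -> bytes:
    """Bitcoin's double SHA-256, used for both leaves and interior nodes."""
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def _parent_level(level):
    if len(level) % 2:                      # odd count: last node is paired with itself
        level = level + [level[-1]]
    return [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]

def merkle_root(txs):
    level = [dsha256(tx) for tx in txs]
    while len(level) > 1:
        level = _parent_level(level)
    return level[0]

def merkle_branch(txs, index):
    """Sibling hashes from leaf `index` up to (not including) the root."""
    level, branch = [dsha256(tx) for tx in txs], []
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        branch.append(level[index ^ 1])
        level, index = _parent_level(level), index >> 1
    return branch

def verify_inclusion(raw_tx, index, branch, root, reject_64_byte=True):
    """SPV-style inclusion check. A 64-byte 'transaction' cannot be told apart
    from the concatenation of two 32-byte child hashes, so it is refused."""
    if reject_64_byte and len(raw_tx) == 64:
        return False
    node = dsha256(raw_tx)
    for sibling in branch:
        node = dsha256(sibling + node) if index & 1 else dsha256(node + sibling)
        index >>= 1
    return node == root

# Constructed placeholder bytes, not real transactions.
TXS = [bytes([i]) * 100 for i in range(4)]
ROOT = merkle_root(TXS)

def demo():
    honest = verify_inclusion(TXS[2], 2, merkle_branch(TXS, 2), ROOT)
    # The interior node above tx0/tx1 has a 64-byte preimage. Presented as a
    # "leaf" with a proof one level shorter, it hashes up to the same root.
    interior = dsha256(TXS[0]) + dsha256(TXS[1])
    short_branch = merkle_branch(TXS, 0)[1:]
    naive = verify_inclusion(interior, 0, short_branch, ROOT, reject_64_byte=False)
    strict = verify_inclusion(interior, 0, short_branch, ROOT)
    return honest, naive, strict

if __name__ == "__main__":
    print(demo())
```

The verifier never learns the tree depth from the proof itself, which is why the length check is what separates the naive and strict results.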