Luke Parker breaks down the Monero burning bug and how we can fix it

A Monero transaction is proof that you received funds. To be sure you are able to spend them, your wallet needs to be fully synced. To make life easier for Monero integrators we should get rid of this issue entirely.

What is the Monero burning bug?

The burning bug is the result of Monero's privacy protocol, specifically stealth addresses. When you send to someone's Monero address, you generate a random number. This random number is used to create a new one-time key only the recipient knows. When the recipient spends their funds, they provide a proof that one-time key hasn't been used before, preventing double spends.

If the sender chooses the same random number multiple times, the same one-time key will be generated. This causes the recipient to have multiple outputs, yet spending one will burn all of them, hence the name, the burning bug.

How is this currently mitigated?

Monero wallets, to properly handle this, need to scan the entire blockchain since they were created, keep track of all one-time keys used, and if they receive an output reusing a key (which is malicious), not credit that output. Not only does this require wallets know their entire history when scanning transactions, it requires extra code to handle and can create ambiguous situations. In some scenarios, it's possible for a legitimate transaction to use a random number, and a malicious transaction to reuse it. If the malicious transaction is mined first, it'll be seen as the first usage and therefore valid, burning another user's funds. This requires a few very specific circumstances which don't affect almost everyone using Monero, but a few new parties are working on protocols which do create these circumstances.

How do we get rid of this issue entirely?

Guaranteed Addresses, now part of Featured Addresses, are a new address format removing this as an issue. The one-time key is created slightly differently when they're used, forcing it to be unique. This enables these new protocols to function properly while also enabling wallets to safely run without knowing their history. While Seraphis, Monero's upcoming privacy protocol, incorporates the same fix, I'm trying to get this supported now, while Seraphis is a while away.

You can follow Luke on twitter and github