Discussing Pre-25.0 Bitcoin Core Vulnerability Disclosures
Manage episode 444610489 series 3285687
Brink engineers Gloria Zhao and Niklas Gögge are joined by 0xB10C talk through the recently disclosed Bitcoin Core pre-25.0 vulnerabilities.
This continues our previous discussions in Episode 4 on pre-0.21.0 and Episode 5 on 0.21.0 Bitcoin Core Vulnerabilities.
- (0:00) - Introduction
- (0:48) - The DoS vulnerability in headers sync
- (3:12) - Discussion of checkpoints in the code
- (10:11) - Bitcoin Core #25717 PR to fix the DoS vulnerability in headers sync
- (14:31) - The denial-of-service (DoS) vulnerability in inventory send queue
- (14:42) - P2P background regarding transaction relay and inventory messages
- (17:26) - Observations of increased network activity
- (23:30) - Bitcoin Core #27610 PR to fix the inventory send queue DoS vulnerability
- (25:35) - Stale blocks and impact on miners
- (28:31) - KIT Bitcoin monitoring website and latency graph
- (31:09) - Discussion of disclosure approach
- (34:10) - The crash vulnerability in compact block relay
- (34:20) - Compact block relay background
- (39:56) - Mechanics of a potential attack
- (42:49) - Discovery of the vulnerability
- (47:56) - Bitcoin Core #26898 PR to fix the crash vulnerability in compact block relay
- (49:33) - Benefits of modularizing code
- (56:25) - Lessons learned
Note: A vulnerability of ‘hindered block propagation due to mutated blocks’ was also disclosed and will be covered in a future podcast.
6 एपिसोडस