Discussing Pre-25.0 Bitcoin Core Vulnerability Disclosures

Brink engineers Gloria Zhao and Niklas Gögge are joined by 0xB10C talk through the recently disclosed Bitcoin Core pre-25.0 vulnerabilities. This continues our previous discussions in Episode 4 on pre-0.21.0 and Episode 5 on 0.21.0 Bitcoin Core Vulnerabilities. (0:00) - Introduction (0:48) - The DoS vulnerability in headers sync (3:12) - Discussion of checkpoints in the code (10:11) - Bitcoin Core #25717 PR to fix the DoS vulnerability in headers sync (14:31) - The denial-of-service (DoS) vulnerability in inventory send queue (14:42) - P2P background regarding transaction relay and inventory messages (17:26) - Observations of increased network activity (23:30) - Bitcoin Core #27610 PR to fix the inventory send queue DoS vulnerability (25:35) - Stale blocks and impact on miners (28:31) - KIT Bitcoin monitoring website and latency graph (31:09) - Discussion of disclosure approach (34:10) - The crash vulnerability in compact block relay (34:20) - Compact block relay background (39:56) - Mechanics of a potential attack (42:49) - Discovery of the vulnerability (47:56) - Bitcoin Core #26898 PR to fix the crash vulnerability in compact block relay (49:33) - Benefits of modularizing code (56:25) - Lessons learned Note: A vulnerability of ‘hindered block propagation due to mutated blocks’ was also disclosed and will be covered in a future podcast.