Brink engineers Gloria Zhao and Niklas Gögge talk through the recently disclosed Bitcoin Core pre-0.21.0 vulnerabilities.
- 0:00 - Introductions and motivation for disclosures
- 3:17 - Absolute value of a signed integer leads to rejection of all blocks
- 13:50 - Too many misbehaving peers leads to DoS
- 21:17 - Nested loop without deduplication leads to stalling
- 27:34 - Vulnerability in dependency leads to potential RCE
- 34:17 - Large memory allocation in peer receiver buffer and send buffer
- 35:41 - Payment request fetch causes mysterious crashing
- 37:39 - Misordered logic permits download of blocks bypassing checkpoints
- 42:21 - Lessons learned from these disclosures
Keep in touch
Subscribe to The Bitcoin Development Podcast:
Subscribe to the Brink newsletter for our blog posts.