Brink engineers Gloria Zhao and Niklas Gögge are joined by 0xB10C talk through the recently disclosed Bitcoin Core pre-25.0 vulnerabilities.
This continues our previous discussions in Episode 4 on pre-0.21.0 and Episode 5 on 0.21.0 Bitcoin Core Vulnerabilities.
- 0:00 - Introduction
- 0:48 - The DoS vulnerability in headers sync
- 3:12 - Discussion of checkpoints in the code
- 10:11 - Bitcoin Core #25717 PR to fix the DoS vulnerability in headers sync
- 14:31 - The denial-of-service (DoS) vulnerability in inventory send queue
- 14:42 - P2P background regarding transaction relay and inventory messages
- 17:26 - Observations of increased network activity
- 23:30 - Bitcoin Core #27610 PR to fix the inventory send queue DoS vulnerability
- 25:35 - Stale blocks and impact on miners
- 28:31 - KIT Bitcoin monitoring website and latency graph
- 31:09 - Discussion of disclosure approach
- 34:10 - The crash vulnerability in compact block relay
- 34:20 - Compact block relay background
- 39:56 - Mechanics of a potential attack
- 42:49 - Discovery of the vulnerability
- 47:56 - Bitcoin Core #26898 PR to fix the crash vulnerability in compact block relay
- 49:33 - Benefits of modularizing code
- 56:25 - Lessons learned
Note: A vulnerability of ‘hindered block propagation due to mutated blocks’ was also disclosed and will be covered in a future podcast.
Keep in touch
Subscribe to The Bitcoin Development Podcast:
Subscribe to the Brink newsletter for our blog posts.