The Bitcoin Development Podcast

Discussing Pre-25.0 Bitcoin Core Vulnerability Disclosures

Listen Later

Brink engineers Gloria Zhao and Niklas Gögge are joined by 0xB10C talk through the recently disclosed Bitcoin Core pre-25.0 vulnerabilities.

This continues our previous discussions in Episode 4 on pre-0.21.0 and Episode 5 on 0.21.0 Bitcoin Core Vulnerabilities.


  • (0:00) - Introduction
  • (0:48) - The DoS vulnerability in headers sync
    • (3:12) - Discussion of checkpoints in the code
    • (10:11) - Bitcoin Core #25717 PR to fix the DoS vulnerability in headers sync
    • (14:31) - The denial-of-service (DoS) vulnerability in inventory send queue
      • (14:42) - P2P background regarding transaction relay and inventory messages
      • (17:26) - Observations of increased network activity
      • (23:30) - Bitcoin Core #27610 PR to fix the inventory send queue DoS vulnerability
      • (25:35) - Stale blocks and impact on miners
      • (28:31) - KIT Bitcoin monitoring website and latency graph
      • (31:09) - Discussion of disclosure approach
      • (34:10) - The crash vulnerability in compact block relay
        • (34:20) - Compact block relay background
        • (39:56) - Mechanics of a potential attack
        • (42:49) - Discovery of the vulnerability
        • (47:56) - Bitcoin Core #26898 PR to fix the crash vulnerability in compact block relay
        • (49:33) - Benefits of modularizing code
        • (56:25) - Lessons learned


          • Note: A vulnerability of ‘hindered block propagation due to mutated blocks’ was also disclosed and will be covered in a future podcast.


          ...more
          View all episodesView all episodes
          Download on the App Store
          The Bitcoin Development PodcastBy Brink
          • 5
          • 5
          • 5
          • 5
          • 5

          5

          4 ratings