The Bitcoin Development Podcast

Brink engineers Gloria Zhao and Niklas Gögge are joined by 0xB10C talk through the recently disclosed Bitcoin Core pre-25.0 vulnerabilities. This continues our previous discussions in Episode 4 on pre-0.21.0 and Episode 5 on 0.21.0 Bitcoin Core Vulnerabilities. (0:00) - Introduction (0:48) - The DoS vulnerability in headers sync (3:12) - Discussion of checkpoints in the code (10:11) - Bitcoin Core #25717 PR to fix the DoS vulnerability in headers sync (14:31) - The denial-of-service (DoS) vulnerability in inventory send queue (14:42) - P2P background regarding transaction relay and inventory messages (17:26) - Observations of increased network activity (23:30) - Bitcoin Core #27610 PR to fix the inventory send queue DoS vulnerability (25:35) - Stale blocks and impact on miners (28:31) - KIT Bitcoin monitoring website and latency graph (31:09) - Discussion of disclosure approach (34:10) - The crash vulnerability in compact block relay (34:20) - Compact block relay background (39:56) - Mechanics of a potential attack (42:49) - Discovery of the vulnerability (47:56) - Bitcoin Core #26898 PR to fix the crash vulnerability in compact block relay (49:33) - Benefits of modularizing code (56:25) - Lessons learned Note: A vulnerability of ‘hindered block propagation due to mutated blocks’ was also disclosed and will be covered in a future podcast.

Brink engineers Gloria Zhao and Niklas Gögge talk through the recently disclosed Bitcoin Core pre-22.0 vulnerabilities. This continues our previous discussion in Episode 4 on pre-0.21.0 Bitcoin Core Vulnerabilities. (0:00) - Introduction (1:07) - Background on Bitcoin peer-to-peer address relay (4:30) - Bitcoin Core’s AddrMan (address manager) data structure (5:37) - Disclosure of remote crash due to addr message spam (8:51) - Address spamming observed on the network (10:57) - Bitcoin Core #22387 PR to fix addr message spam (13:46) - Background on Miniupnp, the UPnP library used by Bitcoin Core (15:18) - The bug in Miniupnpc (16:33) - Disclosure of the impact of an infinite loop bug in the miniupnp dependency (17:50) - Bitcoin Core #20421 PR to fix the infinite loop bug in the miniupnp dependency (18:46) - Lessons learned

Brink engineers Gloria Zhao and Niklas Gögge talk through the recently disclosed Bitcoin Core pre-0.21.0 vulnerabilities. (0:00) - Introductions and motivation for disclosures (3:17) - Absolute value of a signed integer leads to rejection of all blocks (13:50) - Too many misbehaving peers leads to DoS (21:17) - Nested loop without deduplication leads to stalling (27:34) - Vulnerability in dependency leads to potential RCE (34:17) - Large memory allocation in peer receiver buffer and send buffer (35:41) - Payment request fetch causes mysterious crashing (37:39) - Misordered logic permits download of blocks bypassing checkpoints (42:21) - Lessons learned from these disclosures

Sebastian Falbesoner (theStack) and Mike Schmidt talk about Bitcoin Core code review, BIP324, and Sebastian’s plans for the next year. (0:00) - Sebastian’s journey to Bitcoin development (4:00) - Thoughts on contributing to Bitcoin Core in a remote, part time capacity (7:26) - What is the Bitcoin Core test framework? (12:15) - From testing to PR authorship (and Bitcoin Core #25957) (17:05) - The scarcity and importance of code review (22:56) - Benefits of BIP324, Version 2 P2P Encrypted Transport Protocol (29:13) - Sebastian’s approach to contributing to BIP324 and libsecp256k1 (37:18) - BIP322 generic signmessage Brink exists to strengthen the Bitcoin protocol and network through fundamental research and development, and to support the Bitcoin developer community through funding, education, and mentoring. Visit ⁠https://brink.dev/⁠ to learn more.

John and Gloria continue their discussion of Bitcoin's mempool by explaining parent, child, ancestor and descendant transactions. (0:00) - Parent and child transactions (2:23) - Relevance of ancestors and descendants to the mempool (4:17) - Reasons transactions leave the mempool (6:58) - Block construction considerations for miners (11:46) - Full node performance considerations (16:15) - Child pays for parent and missing inputs Brink supports and mentors new contributors to open source Bitcoin development through our fellowship program, and supports the work of established Bitcoin protocol engineers through our grants program. Visit https://brink.dev/ to learn more.

Brink co-founder, John Newbery, and Brink fellow, Gloria Zhao, discuss Bitcoin Core's mempool policy. 0:25 - What is a mempool and why have one? 6:58 - Denial of service protection 8:38 - What is mempool policy? 10:15 - 3 types of mempool policy and examples of each 12:30 - Mempool policy: transaction size too small or too large 17:26 - Mempool policy: BIP125 Replace by Fee (RBF) 19:57 - Transaction pinning attacks 22:55 - Mempool policy: Discourage upgradable NOPs, witness versions, taproot leaf versions, etc Brink supports and mentors new contributors to open source Bitcoin development through our fellowship program, and supports the work of established Bitcoin protocol engineers through our grants program. Visit https://brink.dev/ to learn more.

John and Gloria continue their discussion of Bitcoin's mempool by explaining parent, child, ancestor and descendant transactions. 0:00 - Parent and child transactions 2:23 - Relevance of ancestors and descendants to the mempool 4:17 - Reasons transactions leave the mempool 6:58 - Miner's block construction considerations 11:46 - Full node performance considerations 16:15 - Child pays for parent and missing inputs Brink supports and mentors new contributors to open source Bitcoin development through our fellowship program, and supports the work of established Bitcoin protocol engineers through our grants program. Visit https://brink.dev/ to learn more.