Brink engineers Gloria Zhao and Niklas Gögge are joined by 0xB10C talk through the recently disclosed Bitcoin Core pre-25.0 vulnerabilities.

This continues our previous discussions in Episode 4 on pre-0.21.0 and Episode 5 on 0.21.0 Bitcoin Core Vulnerabilities.

• (0:00 ) - Introduction


• (0:48 ) - The DoS vulnerability in headers sync
  
  
  • (3:12 ) - Discussion of checkpoints in the code
  
  
  • (10:11 ) - Bitcoin Core #25717 PR to fix the DoS vulnerability in headers sync
  
  
  
  


• (14:31 ) - The denial-of-service (DoS) vulnerability in inventory send queue
  
  
  • (14:42 ) - P2P background regarding transaction relay and inventory messages
  
  
  • (17:26 ) - Observations of increased network activity
  
  
  • (23:30 ) - Bitcoin Core #27610 PR to fix the inventory send queue DoS vulnerability
  
  
  • (25:35 ) - Stale blocks and impact on miners
  
  
  • (28:31 ) - KIT Bitcoin monitoring website and latency graph
  
  
  • (31:09 ) - Discussion of disclosure approach
  
  
  
  


• (34:10 ) - The crash vulnerability in compact block relay
  
  
  • (34:20 ) - Compact block relay background
  
  
  • (39:56 ) - Mechanics of a potential attack
  
  
  • (42:49 ) - Discovery of the vulnerability
  
  
  • (47:56 ) - Bitcoin Core #26898 PR to fix the crash vulnerability in compact block relay
  
  
  • (49:33 ) - Benefits of modularizing code
  
  
  
  


• (56:25 ) - Lessons learned

Note: A vulnerability of ‘hindered block propagation due to mutated blocks’ was also disclosed and will be covered in a future podcast.