June 13, 2024


This is an opinion editorial by Shinobi, a self-taught educator in the Bitcoin space and tech-oriented Bitcoin podcast host.

For the second time in roughly a month, btcd/LND have had a bug exploited which caused them to deviate in consensus from Bitcoin Core. Once again, Burak was the developer who triggered this vulnerability — this time it was clearly intentional — and once again, it was an issue with code for parsing Bitcoin transactions above the consensus layer. As I discussed in my piece on the prior bug that Burak triggered, before Taproot there were limits on how large the script and witness data in a transaction could be. With the activation of Taproot, those limits were removed leaving only the limitations on the block size limit itself to limit these parts of individual transactions. The problem with the last bug was that despite the fact that the consensus code in btcd was properly upgraded to reflect this change, the code handling peer-to-peer transmission — including parsing data before sending or when receiving — did not properly upgrade. So the code processing blocks and transactions before it actually got passed off to be validated for consensus failed the data, never passed it to the consensus validation logic and the block in question failed to ever be validated.


Source link