The popular Bitcoin OpTech newsletter has created a Hall of Fame to thank developers who have responsibly disclosed major vulnerabilities in Bitcoin software without exploiting them for their own benefit. The list provides over four years of history of episodes where Bitcoin nearly failed.
Bitcoin OpTech develops open source technologies for companies interested in using bitcoin. He consistently sends responsible software vulnerability disclosures so the developers can work on it. The company is best known for its newsletter, a weekly email digest that covers technical news about Bitcoin and related software.
Now he maintains a list of some of the most important bugs he has received reports for. Many of these were serious Bitcoin vulnerabilities that an attacker could have used to cause significant damage to important parts of Bitcoin’s infrastructure, such as Bitcoin Core or the Lightning Network.
Bitcoin vulnerabilities: Block parsing bug in LND and BTCD
Bitcoin Optech Newsletter #222 reported block parsing bug in LND and BTCD detected by Burak passing brqgoo. He sent a Taproot tapscript 998 of 999 multi-signature transaction that broke a parsing library used by BTCD and LND. The bug was disclosed on November 9, 2022.
Taproot’s consensus rules did not limit the size of cookie data sent in a transaction. Users were quick to report that the BTCD Full Node and Lightning LND Network implementations failed to transfer data recent blocks. A developer fixed the issue with a new version of BTCD’s code.
Read more: Bug Freezes Bitcoin in Lightning Network for Hours
Security Vulnerability Detected in Lightning Network Dock Outputs
Bastien Teinturier informed recipients of the Lightning-Dev mailing list of a security issue affecting older versions of Core Lightning with experimental and LND features.
A more recent design of LN anchor outputs allowed parties to combine multiple revoked HTLC outputs into a single transaction. This design had a flaw that could allow a party that issued a revoked HTLC to steal unclaimed funds when an HTLC timelock has expired.
He had previously reported this to LN implementers and recommended that users of older Core Lightning releases install upgrades. The bug was reported in May 2021.
Cross-site scripting vulnerabilities in BTCPay Server
Ajmal Aboobacker and Abdul Muhaimin received disclosure bounties for notifying BTCPay developers about three cross-site scripting vulnerabilities in BTCPay Server. BTCPay Server 1.2.3 fixed the issue. The bug was shared with the public in September 2021.
Gap between BIP125 and Bitcoin Core implementations
Prior to this, Antoine Riard reported a possible source of conflict between BIP125 and Bitcoin Core which was disclosed in May 2021. BIP125 allowed unconfirmed parent transactions that senders could replace with Replace-By-Fee to make all transactions using the output of overridable parent transactions by inferred inheritance.
This feature caused a conflict with Bitcoin Core, which did not allow this behavior. The conflict could make an existing LN vulnerability disclosed in Optech Newsletter #95 cheaper to exploit.
Acceptance of non-standard signatures in LND
Antoine Riard revealed a vulnerability in LND in October of the same year, which caused him to accept transaction signatures that Bitcoin Core could not relay or exploit by default. When the transaction could not be confirmed at the Bitcoin Core level, the timeout expired and the attacker was able to steal the funds.
Denial of service attack due to lack of memory in the inventory
In September 2020, Braydon Fuller and Javed Khan disclosed a vulnerability allowing attackers to flood bitcoin nodes with inventory (inv) messages in a variation of the denial of service attack. Each inv message contained the maximum number of transaction hashes.
When target nodes received too many inv messages, they could lack of memory and crash. The denial of service attack could be combined with an eclipse attack to steal funds.
LN Fee Ransom Attack
In June 2020, René Pickhardt detected a Lightning Network vulnerability where a sender could hold payments hostage by not selecting an appropriate fee rate when sending payments.
Even in the Lightning Network, attackers could increase fee rates by sending a large number of “junk” transactions, which could make the recommended fee structure higher than the selected fee rate. Exploitation of this vulnerability could force the recipient to close the channel without receiving payments or agree to set off-chain HTLCs.
Attacks of excessive fee payment on multi-entry segwit transactions
Greg Sanders discovered a vulnerability in software commonly used to interact with hardware wallets in June 2020. Hardware wallets can provide secure storage digital assets in part because their owners usually don’t leave them connected to a computer that connects to the internet.
However, an attacker can hack the computer of the owner of a hardware wallet and use it to take control of the software. The attacker can use this to trick the hardware wallet into overpaying transaction fees by interfering with the algorithms used to calculate UTXO amounts.
Only vulnerability affects stateless signatories such as hardware wallets that do not store UTXO data and must recalculate it each time their owners send a transaction.
Overflow bug in the bech32 implementation of the C reference language
Trezor disclosed a bug in the reference function for Bech32 implementations written in the C programming language in November 2018. The bug does not affect implementations written in other programming languages.
He released a patch fixing the bug. Ledger notified Trezor of a similar bug in one of Trezor’s libraries for Bitcoin Cash addresses. Trezor has also created a patch to fix it.
Bitcoin Optech fixed a denial of service vulnerability
The Bitcoin Optech team fixed a denial of service vulnerability that an attacker could have used to trick miners accept invalid bitcoin transactions. He recommended that Bitcoin miners and services update their software to include the patch or wait for at least 30 confirmations.
Awemany initially reported the issue. Bitcoin Optech issued a warning about this vulnerability on September 20, 2018. According to the technical details, the bug could have allowed the miner to set up a specific set of conditions under which a sender could spend bitcoin twice.
Cory Fields reported a consensus-breaking bug in Bitcoin Cash
Cory Fields revealed in August of the same year that he had made an anonymous report of a consensus-breaking bug in Bitcoin Cash after a frustrating experience reporting the bug to Bitcoin Cash developers.
He recommended doing it easier to report vulnerabilities to digital asset projects anonymously. Neha Narula added some recommendations for the maintainers of the project to prevent potentially catastrophic bugs.
Vulnerability of SPV evidence is publicly disclosed by accident
A vulnerability in SPV proofs allows creating an SPV proof of a non-existent transaction by creating a real 64-bit transaction that tricks miners into including it in a block. Bitcoin creator Satoshi Nakamoto predicted this flaw in SPV evidence in section 8 of the Bitcoin whitepaper.
The developers believed that an attacker using this exploit would find it more expensive than it was worth. To cover their bases, however, they modified the Bitcoin Core RPCs to perform additional checks that can mitigate this vulnerability.
For more informed news, follow us on Twitter and Google News or listen to our investigative podcast Innovated: Blockchain City.