Brink engineers Gloria Zhao and Niklas Gögge talk through the recently disclosed Bitcoin Core pre-0.21.0 vulnerabilities.
- (0:00) - Introductions and motivation for disclosures
- (3:17) - Absolute value of a signed integer leads to rejection of all blocks
- (13:50) - Too many misbehaving peers leads to DoS
- (21:17) - Nested loop without deduplication leads to stalling
- (27:34) - Vulnerability in dependency leads to potential RCE
- (34:17) - Large memory allocation in peer receiver buffer and send buffer
- (35:41) - Payment request fetch causes mysterious crashing
- (37:39) - Misordered logic permits download of blocks bypassing checkpoints
- (42:21) - Lessons learned from these disclosures
Information
- Show
- FrequencyUpdated Biweekly
- PublishedJuly 11, 2024 at 2:00 PM UTC
- Length51 min
- RatingClean