Subscribe to our weekly newsletter

Get the latest updates on the community, upcoming topics, and new discussions in your inbox every week.

Summary

Sergio Demian Lerner's examination of CVE-2017-12842 reveals a critical flaw in Bitcoin's Merkle tree structure, highlighting a concerning inertia within the Bitcoin Core development team regarding the remediation of known vulnerabilities. This issue illustrates a broader challenge of balancing vulnerability disclosure with the limited capacity for resolution by the development community, further complicated by inconsistent public notification practices for various vulnerabilities, including the "free-relay" bandwidth attack and CVE-2021-31876. The need for a standardized approach to vulnerability disclosure timelines is underscored, taking into account the readiness of security personnel and experts.

Operational difficulties in Bitcoin's testing platform, testnet3, such as ineffective testnet coin distribution and a bug leading to frequent mining difficulty resets, are under discussion. Proposals for addressing these challenges include a potential hard fork to fix the difficulty reset bug and considerations for replacing testnet3 with signet, aiming to enhance the development environment's utility. Meanwhile, the Swap-in-Potentiam proposal introduces a trust-minimizing method for transferring funds to the Lightning Network, incorporating Payjoin to improve transaction privacy and efficiency, showcasing a novel approach to integrating onchain and offchain Bitcoin operations.

Additionally, the development of a domain-specific language (DSL) for bitcoin contracts is introduced, designed to simplify the creation and execution of bitcoin contracts through a high-level syntax. This innovation aims to lower the barrier to entry for engaging with bitcoin transactions and contracts by abstracting the complexities involved, with documentation and examples provided for community engagement and contribution.

New posts

March 31, 2024 17:31 UTC

bitcoin-dev

A Free-Relay Attack Exploiting Min-Relay-Fee Differences
  • The attack involves exploiting minrelayfees through strategic transactions to benefit economically.
  • An attacker double-spends with transactions to maneuver around mempool limitations, recuperating funds.
  • Mitigation is seen as economically irrational for miners, highlighting the need for public awareness and solutions.

March 31, 2024 13:19 UTC

bitcoin-dev

The Future of Bitcoin Testnet

6 replies

  • Testnet3 faces issues like ineffective coin distribution and a bug affecting mining difficulty.
  • Misuse for scammy airdrops led to an unintended TBTC marketplace, undermining its purpose.
  • Solutions like a testnet reset, bug fixes, or moving to signet are under community discussion.

March 29, 2024 20:57 UTC

delvingbitcoin

Payjoin-in-Potentiam: Externally fund an LSP channel open with one transaction

4 replies

  • The Swap-in-Potentiam proposal facilitates moving funds to the Lightning Network with minimal trust.
  • Payjoin integrates external funds into channel openings, enhancing privacy and efficiency.
  • Detailed diagrams illustrate the step-by-step transaction flow, emphasizing timely communication.

March 29, 2024 16:50 UTC

delvingbitcoin

DSL for experimenting with contracts

6 replies

  • The DSL simplifies bitcoin contract processes with a comprehensive, declarative syntax.
  • It offers a high-level syntax for transactions and auto-manages witness programs.
  • Documentation and examples are available for those interested in its practical application.

March 28, 2024 18:34 UTC

bitcoin-dev

Re: A Free-Relay Attack Exploiting RBF Rule #6

1 reply

  • Sergio Demian Lerner highlighted a Bitcoin Merkle tree weakness, questioning the lack of rectification efforts.
  • An added security layer in Bitcoin Core 16.0 prevented block-malleability and double-spending attacks.
  • Antoine Riard discussed ethical disclosure challenges, contrasting response times and vendor issues in security research.

Ongoing Discussions

March 28, 2024 22:32 UTC

delvingbitcoin

Op_checkmaxtimeverify

13 replies

  • OP_EXPIRE in blockchain could allow attackers to exploit transaction expiration for network flooding.
  • High fee rates for these transactions might paradoxically waste block space to ensure mining.
  • The RBF protocol already compensates for bandwidth in transaction replacements, mitigating major concerns.

March 28, 2024 13:02 UTC

bitcoin-dev

Adding New BIP Editors

38 replies

  • Individuals discussed are Kanzure, Ruben Somsen, Greg Tonoski, Jon Atack, Roasbeef, and Seccour.
  • Matt was suggested for a role in the thread.
  • Detailed analysis of the discussion's content or intentions was not provided.

March 27, 2024 18:42 UTC

delvingbitcoin

[BUG]: spammers get Bitcoin blockspace at discounted price. Let's fix it

25 replies

  • David Bailey has been focusing on promoting commercial spam for over a year.
  • His strategy raises concerns about the ethics and effectiveness of spam in marketing.
  • The role of spam in digital marketing prompts a debate on ethics and business reputation.

March 27, 2024 14:47 UTC

delvingbitcoin

V3 and some possible futures

3 replies

  • Implementing "top block" systems in blockchain poses challenges in maintaining cluster integrity.
  • Preventing pinning attacks requires stringent validation of state transitions to preserve "top block" status.
  • Effective safeguard integration demands careful planning due to the complexity of maintaining cluster integrity.

March 26, 2024 19:11 UTC

bitcoin-dev

Great Consensus Cleanup Revival

3 replies

  • Addressing the timewarp attack is crucial for long-term timelock safety and network scalability.
  • Proposed consensus cleanup aims to invalidate old scripts post a certain block height to prevent DoS attacks.
  • Discussions include making coinbase transactions unique to prevent reorganization issues, despite potential mining competition concerns.

March 26, 2024 18:46 UTC

delvingbitcoin

Improving transaction sponsor blockspace efficiency

14 replies

  • Soft fork proposals could enhance Bitcoin scripting, introducing transaction sponsorship and `OP_EXPIRE`.
  • Implementing `OP_EXPIRE` and transaction sponsorship faces challenges like DoS risks and complex mempool redesigns.
  • Enabling third-party attachments could lead to DoS attacks, urging cautious consensus changes to preserve network integrity.

March 26, 2024 18:36 UTC

bitcoin-dev

A Free-Relay Attack Exploiting RBF Rule #6

19 replies

  • The email highlights concerns over improper vulnerability disclosure practices in Bitcoin development.
  • It questions the ethics of using disclosures to influence policy, pointing to potential conflicts of interest.
  • The discussion emphasizes the importance of responsible vulnerability management in software development.

March 25, 2024 17:46 UTC

delvingbitcoin

BTC Lisp as an alternative to Script

13 replies

  • In software development, distinguishing core elements from supplementary infrastructure is crucial.
  • Over 80% of code differences might relate to COQ proofs and supporting structures.
  • Understanding this distinction helps in informed decision-making on code updates and evaluation.

March 25, 2024 14:35 UTC

delvingbitcoin

Great Consensus Cleanup Revival

5 replies

  • Keeping Bitcoin Improvement Proposals simple avoids process slowdowns.
  • Nodes may validate competing blockchain tips in parallel to mitigate slow validation harm.
  • Coordination among pool operators during attacks could threaten network decentralization.

March 25, 2024 12:45 UTC

delvingbitcoin

Mempool Incentive Compatibility

41 replies

  • A vulnerability allows adversaries to extend transaction pinning with minimal fee increases.
  • The "V4-pool" solution mandates replacements qualify for top block inclusion to close this loophole.
  • This approach requires higher fees for transaction replacement, countering minimal fee exploitation.

March 25, 2024 08:36 UTC

delvingbitcoin

Mempool Based Fee Estimation on Bitcoin Core

6 replies

  • Enhancing fee estimation for blockchain mitigates risks from selfish mining via mempool-based methods.
  • A verbose option for direct mempool data aims to reduce reliance on manipulable external services.
  • Integrating improved estimation into wallets could increase transaction fee accuracy and reliability.

March 25, 2024 01:36 UTC

bitcoin-dev

Anyone can boost - a more efficient alternative to anchor outputs

4 replies

  • Peter Todd discusses vulnerabilities in transaction sponsorship, like unbacked user transactions.
  • He describes the risk of double-selling transaction space, causing conflicts between users.
  • Todd proposes a pay-for-signature scheme, though it may not fully solve trust and efficiency issues.