CVE-2024-38365 public disclosure (btcd `FindAndDelete` bug)

The discussion revolves around the specific behavior of Bitcoin scripts, particularly focusing on how signatures commit to the scriptCode under certain conditions. A key point highlighted is the role of the OP_CODESEPARATOR in this process. It's noted that without using OP_CODESEPARATOR, signatures are expected to commit to the scriptCode. However, there's an acknowledgment of scenarios where the signature might not be valid with respect to the scriptCode, yet the script execution could still proceed successfully.

One example given involves the use of OP_EQUALVERIFY. The explanation suggests that under certain policy conditions (specifically mentioning the NULLFAIL policy), a core implementation should only remove one instance of failure upon encountering a CHECKSIG operation that does not pass. This would allow the script to continue and potentially succeed upon reaching operations like OP_SIZE. Conversely, it's mentioned that non-upgraded versions of btcd (a Bitcoin full node implementation) might behave differently by removing two instances when faced with an invalid signature plus noise scenario. This difference in handling could lead to failures in subsequent operations such as OP_SIZE and OP_EQUALVERIFY, illustrating a divergence in behavior between core and non-upgraded btcd implementations regarding script execution and signature validation.