CVE-2024-38365 public disclosure (btcd `FindAndDelete` bug)

The discussion delves into the nuanced differences between the execution of scripts in btcd and Bitcoin Core, specifically focusing on the potential for discrepancies arising from the FindAndDelete implementation. This function's role is highlighted as critical in scenarios where a signature found within the scriptCode is required to trigger divergent script executions between the two platforms. The necessity for the signature to be valid under either btcd or Core underscores the complexity of achieving distinct outcomes, suggesting that public key recovery plays a pivotal role in this process.

Exploring further into the mechanics of script execution reveals a theoretical divergence when handling operations such as OP_EQUALVERIFY combined with CHECKSIG. The analysis suggests that Bitcoin Core's approach to processing these commands could lead to the removal of only one instance of a signature following a NULLFAIL policy failure, thereby allowing subsequent operations like OP_SIZE to succeed. In contrast, a non-upgraded version of btcd might eliminate both instances of a signature, leading to failure in both OP_SIZE and OP_EQUALVERIFY due to mismatches in expected outcomes versus actual script outputs.

The conversation also corrects misunderstandings regarding the function of FindAndDelete, clarifying that it does not alter the script during execution but rather modifies a copy for signing hash commitment purposes. This clarification emphasizes that even if a script were crafted to exploit perceived discrepancies between btcd and Bitcoin Core, the actual execution of the script would remain consistent across both platforms, thus negating the possibility of exploiting differences through the discussed method. The detailed examination of these technical aspects sheds light on the intricate behaviors of script execution across different Bitcoin implementations, underscoring the challenges in creating conditions for disparate executions.